Abstract

Constraint Logic Programming (CLP) and Hereditary Harrop Formulas (HH) are two well
known ways to enhance the expressivity of Horn clauses. In this paper, we present a novel 
combination of these two approaches. We show how to enrich the syntax and proof theory 
of HH with the help of a given constraint system, in such a way that the key property of HH 
as a logic programming language (namely, the existence of uniform proofs) is preserved. 
We also present a procedure for goal solving, showing its soundness and completeness for 
computing answer constraints. As a consequence of this result, we obtain a new strong 
completeness theorem for CLP that avoids the need to build disjunctions of computed 
answers, as well as a more abstract formulation of a known completeness theorem for HH. 

keywords: constraint systems, hereditary Harrop formulas, uniform proofs, goal solving. 



1 Introduction 

Traditionally, the logic of Horn clauses has been considered as the basis for logic
programming (Van Emden and Kowalski, 1976). In spite of its Turing completeness
(Andreka and Nemeti, 1978), the lack of expressivity of Horn clauses for programming
purposes is widely acknowledged. During the last decade, different extensions
of Horn clauses have been proposed, with the aim of increasing expressivity without
sacrificing the declarative character of pure logic programming. Among such
extensions, two important approaches are Constraint Logic Programming (CLP)
and Hereditary Harrop Formulas (HH).

* This is a substantially revised and extended version of
(Leach, Nieva and Rodriguez-Artalejo, 1997). The authors have been partially supported
by the Spanish National Project TIC 98-0445-C03-02 TREND and the Esprit BRA Working
Group EP-22457 CCLII.

The CLP scheme (Jaffar and Lassez, 1987) goes beyond the limitations of the
Herbrand universe by providing the ability to program with Horn clauses over
different computation domains, whose logical behaviour is given by constraint systems.
CLP languages keep all the good semantic properties of pure logic programming,
including soundness and completeness results (Jaffar et al., 1996). Their implementation
relies on the combination of SLD resolution with dedicated algorithms
for constraint entailment, solving and simplification. Therefore, efficient and yet
declarative programs can be written to solve complex combinatorial problems. See
(Jaffar and Maher, 1994) for a survey of the foundations, implementation issues
and applications of CLP languages.

On the other hand, the HH approach (Miller, Nadathur and Scedrov, 1987) overcomes
the inability of Horn clauses to provide a logical basis for several constructions
commonly found in modern programming languages, such as scoping, abstraction
and modularity. This is achieved by extending Horn clauses to a richer fragment of
intuitionistic logic that allows us to use disjunctions, implications and quantifiers in
goals. In fact, HH is a typical example of an abstract logic programming language, in
the sense of (Miller et al., 1991). Abstract logic programming languages are characterized
by the fact that the declarative meaning of a program, given by provability
in a deduction system, can be interpreted operationally as goal-oriented search for
solutions. Technically, the existence of uniform proofs for all provable goal formulas
permits the search interpretation of provability. The implementation of programming
languages based on HH, such as λ-Prolog (Miller and Nadathur, 1986;
Nadathur and Miller, 1988), requires the resolution of the problem of unifying terms
occurring under the scope of arbitrary quantifier prefixes. Correct unification algorithms
for such problems have been studied in (Miller, 1992; Nadathur, 1993).
Moreover, (Nadathur, 1993) shows in detail the soundness and completeness of a
goal solving procedure for the first-order HH language.

The aim of this paper is to present a framework for the combination of the CLP
and HH approaches, that incorporates the benefits of expressivity and efficiency
that HH and CLP bring to logic programming, respectively. We will enrich the
syntax of first-order HH with constraints coming from a given constraint system.
The resulting language is such that all constructions and results are valid for any
constraint system $\mathcal{C}$, therefore we can speak of a scheme $HH(\mathcal{X})$ with instances
$HH(\mathcal{C})$, as in CLP. We will define an amalgamated proof system that combines
inference rules from intuitionistic sequent calculus with constraint entailment, in
such a way that the key property of an abstract logic programming language is
preserved. Moreover, we will also present a sound and complete procedure for goal
solving. As in CLP, the result of solving a goal using a program will be an answer
constraint.

The following simple program $\Delta$, goal $G$ and constraint $R$ belong to the instance
$HH(\mathcal{R})$ given by the constraint system $\mathcal{R}$ for real numbers. We will refer to this as
the disc example in the sequel.

$$\Delta \equiv \{\forall x \forall y\,(x^2 + y^2 < 1 \Rightarrow \mathit{disc}(x, y))\}$$
$$G \equiv \forall y\,(y^2 < 1/2 \Rightarrow \mathit{disc}(x, y))$$
$$R \equiv x^2 < 1/2$$

In the example, the formula $R$ turns out to be a correct and computable answer
constraint in the resolution of $G$ from $\Delta$. Due to the soundness and completeness
of the goal solving procedure, $G$ can be deduced from $\Delta$ and $R$ in the amalgamated
proof system. In Figure 1 a uniform proof is presented of the sequent $\Delta; R \vdash G$,
using the inference rules of the calculus $\mathcal{IC}$ which will be presented in Section
From a technical point of view, for the particular case of the Herbrand constraint
system, our completeness result boils down to a more abstract formulation of the
completeness theorem in (Nadathur, 1993). In the case of CLP programs using only
Horn clauses with constraints, our goal solving procedure reduces to constrained
resolution, and our completeness theorem yields a form of strong completeness for
success that avoids the need to build disjunctions of computed answers, in contrast
to (Maher, 1987), Th. 2 (see also (Jaffar et al., 1996), Th. 4.12). The reason for this
discrepancy is that our amalgamated proof system uses more constructive inference
mechanisms to deduce goals from program clauses, as we will see.

The rest of this paper is organized as follows: Section 2 shows some programming
examples that illustrate the specific benefits of the combination of CLP and HH.
In Section 3 we recall the notion of a constraint system and we define the syntax of
HH with constraints. In Section 4 we present an intuitionistic proof system for HH
with constraints, and we show the existence of uniform proofs; then an equivalent
proof system allowing only uniform proofs is defined. Based on this second calculus,
a sound and complete procedure for goal solving is presented as a transformation
system in Section 5. In Section we summarize conclusions and possible lines for
future research. In order to improve readability of the paper, some proofs have been
omitted or compressed in the main text. Full proofs appear in the Appendix.

2 Examples 

Although simple, the programs of this section exemplify the programming style
in $HH(\mathcal{X})$ languages, combining the characteristic utilities of HH, such as adding
facts temporarily to the program or limiting the scope of names, with the advantages
of using constraint solvers instead of syntactical unification. The syntax
used in the examples is basically that of HH languages, with the addition of constraints
in clause bodies and goals. In particular, the notation $t \approx t'$ will be used
for equality constraints. More formal explanations will follow in Section

The programs below are based on a constraint system which is defined as a combination
of $\mathcal{R}$ (real numbers) and $\mathcal{H}$ (Herbrand universe). This constraint system
underlies the well known language CLP($\mathcal{R}$) (Jaffar et al., 1992). The elements in
the intended computation domain can be represented as trees whose internal nodes
are labeled by constructors, and whose leaves are labeled either by constant constructors
or by real numbers. In particular this includes the representation of lists,
possibly with real numbers as members. We will use Prolog's syntax for the list
constructors.

Example 2.1 (Hypothetical queries in a data base system) 

The following program keeps record of the marks of different students in two exer- 
cises they have to do to pass an exam. 

exercise1(bob, 4).
exercise1(fran, 3).
exercise2(fran, 6).
exercise1(pep, 5).
exercise2(pep, 6).

pass(X) ⇐ exercise1(X, N1) ∧ exercise2(X, N2) ∧ (N1 + N2)/2 > 5.

While the goal G = pass(bob) fails, G = exercise2(bob, 6.5) ⇒ pass(bob) succeeds.
To resolve this last goal, the fact exercise2(bob, 6.5) is added to the program, but
not permanently. If we posed the query G = pass(bob) again, it would fail again.

Suppose now we want to know the requirements a student has to fulfil to pass;
then we add to the program the clauses:

need-to-pass(A, []) ⇐ pass(A).
need-to-pass(A, [ex1(X)|L]) ⇐ (exercise1(A, X) ⇒ need-to-pass(A, L)).
need-to-pass(A, [ex2(X)|L]) ⇐ (exercise2(A, X) ⇒ need-to-pass(A, L)).

The goal G = need-to-pass(bob, L) will produce an answer equivalent in the constraint
system to ∃N(L ≈ [ex2(N)] ∧ N > 6).

To get this answer, the intermediate goal exercise2(A, X) ⇒ need-to-pass(A, L1)
should be solved with the constraint A ≈ bob. This would require:

i) To introduce the fact exercise2(A, X) in the base. Note that the effect is different
from adding a clause in Prolog with assert, since this implies the universal
quantification of A and X.

ii) To try to solve the goal need-to-pass(A, []) with the first clause of this predicate,
which leads to solving pass(A), with the constraints A ≈ bob and L1 ≈ []. This will add the
constraints X ≈ N, (4 + N)/2 > 5.

A similar example is shown in (Hodas, 1994); here the benefit lies in the use of
constraints, which allow us to write conditions about the real numbers that help to solve
the goal more efficiently. □

Example 2.2 (Fibonacci numbers)

(Cohen, 1990) uses the computation of Fibonacci numbers as a simple example to
illustrate the advantages of constraint solving w.r.t. built-in arithmetic (as available
in Prolog). The recursive definition of the Fibonacci sequence gives rise immediately to
the following CLP($\mathcal{R}$) program:

fib(0, 1).
fib(1, 1).
fib(N, F1 + F2) ⇐ N ≥ 2 ∧ fib(N − 1, F1) ∧ fib(N − 2, F2).

Thanks to the abilities of the constraint solver, this program is reversible. In addition
to goals such as fib(10, X), with answer X ≈ 89, we can also solve goals such as
fib(N, 89) with answer N ≈ 10. However, the program is based on an extremely
inefficient double recursion. As a consequence, it runs in exponential time, and
multiple recomputations of the same Fibonacci number occur.

In $HH(\mathcal{R})$ we can avoid this problem by using implications in goals to achieve
the effect of tabulation. At the same time, the program remains reversible and close
to the mathematical specification of the Fibonacci sequence.

fib(N, X) ⇐ (memfib(0, 1) ⇒ (memfib(1, 1) ⇒ getfib(N, X, 1))).
getfib(N, X, M) ⇐ 0 ≤ N ∧ N ≤ M ∧ memfib(N, X).
getfib(N, X, M) ⇐ N > M ∧ memfib(M − 1, F1) ∧ memfib(M, F2) ∧
                  (memfib(M + 1, F1 + F2) ⇒ getfib(N, X, M + 1)).

A predicate call of the form getfib(N, X, M) assumes that the Fibonacci numbers
fib_i, with 0 ≤ i ≤ M, are memorized as atomic clauses for memfib in the local
program. The call computes the N-th Fibonacci number in X; at the same time, the
Fibonacci numbers fib_i, with M < i ≤ N, are memorized during the computation.
Let us consider two simple goals for this program:

i) G1 = fib(2, X). In order to solve G1, memfib(0, 1) and memfib(1, 1) are added
to the local program, and the goal getfib(2, X, 1) is solved. Since 2 > 1, the first
clause for getfib fails. The second clause for getfib puts memfib(2, 2) into the local
program and produces the new goal getfib(2, X, 2), which is solved with answer
X ≈ 2 by means of the first clause.

ii) G2 = fib(N, 2). Analogously, G2 is solved by solving getfib(N, 2, 1) after adding
memfib(0, 1) and memfib(1, 1) into the local program. The first clause for getfib fails.
Therefore, the constraint N > 1 is assumed and the new goal getfib(N, 2, 2) must
be solved, after putting the atom memfib(2, 2) into the local program. Now, the
first clause for getfib leads easily to the answer N ≈ 2.

In general, all goals of the two forms:

i) fib(n, X), n given,

ii) fib(N, f), f a given Fibonacci number

can be solved by our goal solving procedure. Moreover, goals of the form i) can be
solved in O(n) steps. In (Miller, 1989), Miller showed that implicational goals can
be used to store previously computed Fibonacci numbers, thus leading to an HH
program that runs in time O(n). Later Hodas (1994) gave another memorized version
of the computation of Fibonacci numbers, closer to the naive doubly recursive
algorithm. Hodas' version combines implicational goals with a continuation-passing
programming style which relies on higher-order predicate variables. The benefit of
our version w.r.t. (Miller, 1989; Hodas, 1994) is the reversibility of the predicate fib
that is enabled by constraint solving. □
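
The tabulation idea of Example 2.2, as an added Python sketch that is not part of the paper: the local program is a read-only mapping that is extended only for the sub-goal, mirroring the scope of an implication goal. It works on integers directly instead of calling a constraint solver, and the cut-off for non-Fibonacci targets in reverse mode is an assumption added here so that the search terminates.

```python
# Added illustration (not the paper's goal-solving procedure): the getfib
# program of Example 2.2 run over integers instead of a constraint solver.
from types import MappingProxyType


def getfib(n, x, m, local, steps):
    """Solve getfib(N, X, M) against the local program `local`.

    `local` maps i -> fib_i for 0 <= i <= m (the memfib facts in scope).
    `n` and `x` are ints when known and None when they are unknowns.
    Returns the (N, X) answers of the first clause that succeeds.
    """
    steps.append(m)  # one resolution step per getfib call
    # Clause 1: 0 <= N <= M and memfib(N, X).
    answers = [(i, f) for i, f in sorted(local.items())
               if (n is None or n == i) and (x is None or x == f)]
    if answers:
        return answers
    # Clause 2 requires the constraint N > M to be satisfiable.
    if n is not None and n <= m:
        return []
    f1, f2 = local[m - 1], local[m]
    # Assumption added here: in reverse mode stop once fib_M exceeds X,
    # because the sequence only grows and X can no longer be met.
    if n is None and x is not None and f2 > x:
        return []
    # memfib(M+1, F1+F2) => getfib(N, X, M+1): the new fact is visible only
    # inside the sub-goal, so `local` itself is never modified.
    extended = MappingProxyType({**local, m + 1: f1 + f2})
    return getfib(n, x, m + 1, extended, steps)


def fib(n=None, x=None):
    """Solve fib(N, X); returns (answers, number_of_getfib_steps)."""
    base = MappingProxyType({0: 1, 1: 1})  # memfib(0,1) => (memfib(1,1) => ...)
    steps = []
    return getfib(n, x, 1, base, steps), len(steps)


if __name__ == "__main__":
    print(fib(n=10))  # forward mode: N given, X unknown
    print(fib(x=89))  # reverse mode: X given, N unknown
```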

Example 2.3 (Relating some simple parameters in a mortgage)
The following program Δ is presented by Jaffar and Michaylov (1987) as an application
of CLP($\mathcal{R}$).

This example is considered anew in (Jaffar et al., 1992).

mortgage(P, T, I, M, B) ⇐ 0 ≤ T ∧ T ≤ 3 ∧ TotalInt ≈ T * (P * I/1200) ∧
                          B ≈ P + TotalInt − (T * M).
mortgage(P, T, I, M, B) ⇐ T > 3 ∧ QuartInt ≈ 3 * (P * I/1200) ∧
                          mortgage(P + QuartInt − 3 * M, T − 3, I, M, B).

where P stands for principal Payment, T for Time in months, I for Interest rate,
M for Monthly payment, and B for outstanding Balance.

In CLP($\mathcal{R}$) the goal G = mortgage(P, 6, 10, M, 0) produces the answer 0 ≈
1.050625 * P − 6.075 * M. From this answer we can deduce that P/(T * M) ≈
P/(6 * M) ≈ 0.9637 (the number 0.9637 is calculated as an approximation), where
P/(T * M) represents the quotient of loss for delayed payment.

We consider now a more complicated problem, namely to find Imin, Imax (with
0 < Imin < Imax) such that any mortgage whose quotient of loss lies in the interval
[0.9637 .. 0.97] can be balanced in 6 months with some interest rate I lying in the
interval [Imin .. Imax]. This problem can be formulated in $HH(\mathcal{R})$ by the goal:

G = ∀M∀P(0.9637 < P/(6 * M) < 0.97 ⇒
    ∃I(0 < Imin < I < Imax ∧ mortgage(P, 6, I, M, 0))).

Using the goal transformation rules i)-viii) of Section 5 we can show a resolution
of G from Δ that computes the answer constraint:

Imax ≈ 10 ∧ Imin ≈ 8.219559 (approx.).

More details on the resolution of this goal will be given in Example 5.3 at the end
of Section 5. □
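
A numerical check of the answers quoted in Example 2.3, as an added Python example that is not part of the paper. It propagates the balance as a linear form in P and M through the two mortgage clauses; the function names and the bisection search are choices made for this illustration, not the paper's goal transformation rules.

```python
# Added illustration (not from the paper): the mortgage relation of
# Example 2.3 evaluated with linear forms a*P + b*M instead of a CLP solver.

def balance_form(t, i):
    """Return (a, b) such that B = a*P + b*M after t months at rate i.

    Follows the two mortgage clauses: quarters are peeled off while T > 3,
    the last 0 <= T <= 3 months are settled by the first clause.
    """
    a, b = 1.0, 0.0                  # current principal = a*P + b*M
    while t > 3:                     # second clause
        q = 3 * i / 1200             # QuartInt = q * principal
        a, b = a * (1 + q), b * (1 + q) - 3
        t -= 3
    if t < 0:
        raise ValueError("T must be non-negative")
    r = t * i / 1200                 # first clause: TotalInt = r * principal
    return a * (1 + r), b * (1 + r) - t


def loss_quotient(i, t=6):
    """P/(T*M) for which the balance is 0 after t months at rate i."""
    a, b = balance_form(t, i)
    return -b / (a * t)              # 0 = a*P + b*M  =>  P/M = -b/a


def rate_for_quotient(q, t=6, lo=0.0, hi=100.0, tol=1e-10):
    """Interest rate I with loss_quotient(I) == q, found by bisection.

    loss_quotient decreases as I grows, so the root is bracketed by lo, hi.
    """
    if not loss_quotient(hi, t) <= q <= loss_quotient(lo, t):
        raise ValueError("quotient not reachable with a rate in [lo, hi]")
    while hi - lo > tol:
        mid = (lo + hi) / 2
        if loss_quotient(mid, t) > q:
            lo = mid                 # quotient still too high: raise the rate
        else:
            hi = mid
    return (lo + hi) / 2


def rate_interval(q_low, q_high, t=6):
    """(Imin, Imax) covering every quotient in [q_low, q_high]."""
    return rate_for_quotient(q_high, t), rate_for_quotient(q_low, t)


if __name__ == "__main__":
    print(balance_form(6, 10))          # coefficients of the answer constraint
    print(rate_interval(0.9637, 0.97))  # boundary rates for the HH goal
```

Imax comes out slightly above 10 because 0.9637 is itself a rounded value of the quotient at I = 10.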



3 Hereditary Harrop Formulas with Constraints 

As explained in the Introduction, the framework presented in this paper requires the
enrichment of the syntax of Hereditary Harrop Formulas (shortly, HH) (Miller, Nadathur and Scedrov, 1987;
Miller et al., 1991) with constraints coming from a given constraint system. Following
(Saraswat, 1992), we view a constraint system as a pair $\mathcal{C} = (\mathcal{L}_{\mathcal{C}}, \vdash_{\mathcal{C}})$, where $\mathcal{L}_{\mathcal{C}}$
is the set of formulas allowed as constraints and $\vdash_{\mathcal{C}} \subseteq \mathcal{P}(\mathcal{L}_{\mathcal{C}}) \times \mathcal{L}_{\mathcal{C}}$ is an entailment
relation. We use $C$ and $\Gamma$ to represent a constraint and a finite set of constraints,
respectively. Therefore, $\Gamma \vdash_{\mathcal{C}} C$ means that the constraint $C$ is entailed by the set
of constraints $\Gamma$. We write just $\vdash_{\mathcal{C}} C$ if $\Gamma$ is empty. In (Saraswat, 1992), $\mathcal{L}_{\mathcal{C}}$ and
$\vdash_{\mathcal{C}}$ are required to satisfy certain minimal assumptions, mainly related to the logical
behaviour of $\wedge$ and $\exists$. Since we have to work with other logical symbols, our assumptions
must be extended to account for their proper behaviour. Therefore, we
assume:

i) $\mathcal{L}_{\mathcal{C}}$ is a set of formulas including $\top$ (true), $\bot$ (false) and all the equations
$t \approx t'$ between terms over some fixed signature, and closed under $\wedge$, $\exists$, $\forall$
and the application of substitutions of terms for variables.

ii) $\vdash_{\mathcal{C}}$ is compact, i.e., $\Gamma \vdash_{\mathcal{C}} C$ holds iff $\Gamma_0 \vdash_{\mathcal{C}} C$ for some finite $\Gamma_0 \subseteq \Gamma$. $\vdash_{\mathcal{C}}$ is also
generic, i.e., $\Gamma \vdash_{\mathcal{C}} C$ implies $\Gamma\sigma \vdash_{\mathcal{C}} C\sigma$ for every substitution $\sigma$.

iii) All the inference rules related to $\wedge$, $\Rightarrow$, $\exists$, $\forall$ and $\approx$ valid in the intuitionistic
fragment of first-order logic are also valid to infer entailments in the sense of
$\vdash_{\mathcal{C}}$.

The notation $C\sigma$ used above means application to a constraint $C$ of a substitution
$\sigma = [t_1/x_1, \ldots, t_n/x_n]$, using proper renaming of the variables bound in $C$ to avoid
capturing free variables from the terms $t_i$, $1 \le i \le n$. $\Gamma\sigma$ represents the application
of $\sigma$ to every constraint of the set $\Gamma$. In the sequel, the notation $F\sigma$ will also be
used for other formulas $F$, not necessarily constraints.

Note that the three conditions i), ii), iii) are meant as minimal requirements. In 
particular, the availability of the equality symbol $\approx$ is granted in any constraint
system, and it will always stand for a congruence. However, other specific axioms 
for equality may be different in different constraint systems. 

Observe also that item iii) above does not mean that $\vdash_{\mathcal{C}}$ is restricted to represent
deducibility in some intuitionistic theory. On the contrary, our assumptions allow
us to consider constraint systems $\mathcal{C}$ such that $\mathcal{L}_{\mathcal{C}}$ is a full first-order language with
classical negation, and $\Gamma \vdash_{\mathcal{C}} C$ holds iff $Ax_{\mathcal{C}} \cup \Gamma \vdash C$, where $Ax_{\mathcal{C}}$ is a suitable set
of first-order axioms and $\vdash$ is the entailment relation of classical first-order logic
with equality. In particular, three important constraint systems of this form are: $\mathcal{H}$,
where $Ax_{\mathcal{H}}$ is Clark's axiomatization of the Herbrand universe (Clark, 1978); $\mathcal{CFT}$,
where $Ax_{\mathcal{CFT}}$ is Smolka and Treinen's axiomatization of the domain of feature trees
(Smolka and Treinen, 1994); and $\mathcal{R}$, where $Ax_{\mathcal{R}}$ is Tarski's axiomatization of the
real numbers (Tarski, 1951). In these three cases, the constraint system is known
to be effective, in the sense that the validity of entailments $\Gamma \vdash_{\mathcal{C}} C$, with finite $\Gamma$,
can be decided by an effective procedure.

The previous systems include the use of disjunctions. In CLP there is a well
known completeness theorem due to Maher (1987), which relies on the possibility
of building finite disjunctions of computed answer constraints. As we will see in
Section 5, disjunctions are not needed in order to prove completeness of goal solving
in our setting. This is the reason why we do not enforce $\mathcal{L}_{\mathcal{C}}$ to be closed under $\vee$
in the general case.

In the sequel, we assume an arbitrarily fixed effective constraint system $\mathcal{C}$. By
convention, the notation $\Gamma \vdash_{\mathcal{C}} \Gamma'$ will mean that $\Gamma \vdash_{\mathcal{C}} C$ holds for all $C \in \Gamma'$, and
$C \dashv\vdash_{\mathcal{C}} C'$ will abbreviate that $C \vdash_{\mathcal{C}} C'$ and $C' \vdash_{\mathcal{C}} C$ hold. Also, we will say that a
constraint $C$ with free variables $x_1, \ldots, x_n$ is $\mathcal{C}$-satisfiable iff $\vdash_{\mathcal{C}} \exists x_1 \ldots \exists x_n C$.

In order to define the syntax of the first-order formulas of $HH(\mathcal{C})$, we assume a set
$PS = \bigcup_{n \in \mathbb{N}} PS^n$ of ranked predicate symbols (disjoint from the symbols occurring
in $\mathcal{L}_{\mathcal{C}}$) which are used to build atomic formulas $A$ of the form $P(t_1, \ldots, t_n)$, with
$P \in PS^n$.

Definition 3.1 

The set of definite clauses, with elements noted $D$, and the set of goals, with elements
noted $G$, are defined by the following syntactic rules:

$$D := A \mid D_1 \wedge D_2 \mid G \Rightarrow A \mid \forall x D$$
$$G := A \mid C \mid G_1 \wedge G_2 \mid G_1 \vee G_2 \mid D \Rightarrow G \mid C \Rightarrow G \mid \exists x G \mid \forall x G$$

This syntax is the natural extension of first-order HH as presented in (Nadathur, 1993).
The novelty is that constraints can occur in goals of the forms $C$ and $C \Rightarrow G$, and
therefore also in definite clauses of the form $G \Rightarrow A$. Some variants could be considered,
as e.g. dropping $D_1 \wedge D_2$ or replacing $G \Rightarrow A$ by $G \Rightarrow D$, but these changes
would render a logically equivalent system. In the rest of the paper, by a program we
understand any finite set $\Delta$ of definite clauses. This includes both CLP programs
and first-order HH programs as particular cases.

As usual in the HH framework, see e.g. (Nadathur, 1993), we will work with
a technical device (so-called elaboration) for decomposing the clauses of a given
program into a simple form. This is useful for a natural formulation of goal solving
procedures.

Definition 3.2 

We define the elaboration of a program $\Delta$ as the set $elab(\Delta) = \bigcup_{D \in \Delta} elab(D)$,
where $elab(D)$ is defined by case analysis in the following way:

- $elab(A) = \{\top \Rightarrow A\}$.

- $elab(D_1 \wedge D_2) = elab(D_1) \cup elab(D_2)$.

- $elab(G \Rightarrow A) = \{G \Rightarrow A\}$.

- $elab(\forall x D) = \{\forall x D' \mid D' \in elab(D)\}$.

Note that all clauses in $elab(\Delta)$ have the form $\forall x_1 \ldots \forall x_n (G \Rightarrow A)$, $n \ge 0$. We
still need another technicality. A variant of such a clause is any clause of the form
$\forall y_1 \ldots \forall y_n (G\sigma \Rightarrow A\sigma)$ where $y_1, \ldots, y_n$ are new variables not occurring free in the
original clause, and $\sigma = [y_1/x_1, \ldots, y_n/x_n]$.

4 Proof Systems

In this section we present an amalgamated proof system $\mathcal{IC}$ that combines the
usual inference rules from intuitionistic logic with the entailment relation $\vdash_{\mathcal{C}}$ of a
constraint system $\mathcal{C}$. We will derive sequents of the form $\Delta; \Gamma \vdash G$ where $\Delta$ is a
program, $\Gamma$ represents a finite set of constraints and $G$ is an arbitrary goal. We also
show that $\mathcal{IC}$ enjoys completeness of uniform proofs, and we present a second proof
system $\mathcal{UC}$ which is equivalent to $\mathcal{IC}$ in deductive power, but is tailored to build
uniform proofs only.

4.1 The calculus $\mathcal{IC}$

$\mathcal{IC}$ stands for an Intuitionistic sequent calculus for $HH(\mathcal{C})$ that allows us to deduce a
goal from defined clauses in the presence of Constraints.

The intuitionistic calculus with constraints $\vdash_{\mathcal{IC}}$ is defined as follows. $\Delta; \Gamma \vdash_{\mathcal{IC}} G$
if and only if the sequent $\Delta; \Gamma \vdash G$ has a proof using the rules of the proof
system $\mathcal{IC}$ that we introduce in the following. A proof of a sequent is a tree whose
nodes are sequents, the root is the sequent to be proved and the leaves match
axioms of the calculus. The rules regulate the relationship between child nodes and
parent nodes. In the representation of the rules, we have added to the premises the
side conditions relating to the existence of proofs in the constraint system; these
entailment relations are not considered as nodes of the proofs seen as trees. This
notation simplifies the reading of both inference rules and proof trees.

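• Axioms to deal with atomic goals or constraints:

$$\frac{\Gamma \vdash_{\mathcal{C}} C}{\Delta; \Gamma \vdash C}\ (C_R) \qquad \frac{\Gamma \vdash_{\mathcal{C}} A \approx A'}{\Delta, A; \Gamma \vdash A'}\ (Atom)$$

In $(Atom)$, $A$, $A'$ are assumed to begin with the same predicate symbol.
$A \approx A'$ abbreviates $t_1 \approx t'_1 \wedge \ldots \wedge t_n \approx t'_n$, where $A = P(t_1, \ldots, t_n)$,
$A' = P(t'_1, \ldots, t'_n)$.

• Rules introducing the connectives and quantifiers of the Hereditary Harrop
formulas:

$$\frac{\Delta; \Gamma \vdash G_i}{\Delta; \Gamma \vdash G_1 \vee G_2}\ (\vee_R)\ (i = 1, 2)$$

$$\frac{\Delta, D_1, D_2; \Gamma \vdash G}{\Delta, D_1 \wedge D_2; \Gamma \vdash G}\ (\wedge_L) \qquad \frac{\Delta; \Gamma \vdash G_1 \quad \Delta; \Gamma \vdash G_2}{\Delta; \Gamma \vdash G_1 \wedge G_2}\ (\wedge_R)$$

$$\frac{\Delta; \Gamma \vdash G_1 \quad \Delta, A; \Gamma \vdash G}{\Delta, G_1 \Rightarrow A; \Gamma \vdash G}\ (\Rightarrow_L)$$

$$\frac{\Delta, D; \Gamma \vdash G}{\Delta; \Gamma \vdash D \Rightarrow G}\ (\Rightarrow_R) \qquad \frac{\Delta; \Gamma, C \vdash G}{\Delta; \Gamma \vdash C \Rightarrow G}\ (\Rightarrow C_R)$$

$$\frac{\Delta; \Gamma, C \vdash G[y/x] \quad \Gamma \vdash_{\mathcal{C}} \exists y C}{\Delta; \Gamma \vdash \exists x G}\ (\exists_R)$$

$y$ does not appear free in the sequent of the conclusion.

$$\frac{\Delta, D[y/x]; \Gamma, C \vdash G \quad \Gamma \vdash_{\mathcal{C}} \exists y C}{\Delta, \forall x D; \Gamma \vdash G}\ (\forall_L) \qquad \frac{\Delta; \Gamma \vdash G[y/x]}{\Delta; \Gamma \vdash \forall x G}\ (\forall_R)$$

in both, $y$ does not appear free in the sequent of the conclusion.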

Note that the rule of contraction seems to be absent from this system, but in fact
it is implicitly present because $\Delta$ and $\Gamma$ are viewed as sets (rather than sequences)
in any sequent $\Delta; \Gamma \vdash G$. In many respects, the inference rules of $\mathcal{IC}$ are similar to
those used for HH in the literature; see e.g. (Miller et al., 1991; Nadathur, 1993).
However, the presence of constraints induces some modifications. Of particular importance
are the modifications introduced to $(\exists_R)$ and $(\forall_L)$. A simple reformulation
of the traditional version of $(\exists_R)$, using a constraint $y \approx t$ instead of a substitution
$[t/x]$, representing an instance of $x$, could be:

$$\frac{\Delta; \Gamma, y \approx t \vdash G[y/x]}{\Delta; \Gamma \vdash \exists x G}$$

if $y$ does not occur in $t$, and it does not appear free in the conclusion.

In our constraint-oriented formulation of $(\exists_R)$ we allow any satisfiable constraint
$C$ (not necessarily of the form $y \approx t$) instead of the substitution, in order to guess
an instance of $x$. The next example shows that this extra generality is necessary.

Example 4.1

This example is based on $HH(\mathcal{R})$. Consider
$\Delta = \{\forall x\,(x^2 \approx 2 \Rightarrow r(x))\}$,
$G = \exists x\, r(x)$.

The sequent $\Delta; \vdash G$ is expected to be derivable. However, the traditional formulation
of $(\exists_R)$ does not work, because no term $t$ in the language $\mathcal{L}_{\mathcal{R}}$ denotes a square
root of 2. With our $(\exists_R)$, choosing the $\mathcal{R}$-satisfiable constraint $C = x^2 \approx 2$, the
problem is reduced to the easy derivation of the sequent $\Delta; x^2 \approx 2 \vdash r(x)$. □

Our definition of $(\forall_L)$ is dual to $(\exists_R)$ and follows the same idea, since $(\forall_L)$ also
relies on guessing an instance for $x$. On the other hand, rule $(\forall_R)$ has a universal
character. Therefore, the traditional formulation by means of a new variable has
been kept in this case.

For technical reasons we need to measure the size of proofs. We formalize this
notion as the number of sequents in it, that coincides with the number of nodes of
the proof seen as a tree.

In the sequel we will use some technical properties of $\mathcal{IC}$-provability. Let us state
them in the next lemmas, whose proofs can be found in the Appendix.

The first lemma guarantees that substitution of a term for a variable in a sequent
preserves $\mathcal{IC}$-provability.

Lemma 4.1

For any $\Delta$, $\Gamma$, $G$, $x$ and $t$, if $\Delta; \Gamma \vdash_{\mathcal{IC}} G$, then there is a proof of the same size of
$\Delta[t/x]; \Gamma[t/x] \vdash G[t/x]$.

The next lemma shows that a sequent continues to be provable if we strengthen the
set of constraints.

Lemma 4.2

For any $\Delta$, $\Gamma$, $G$, if $\Gamma'$ is a set of constraints such that $\Gamma' \vdash_{\mathcal{C}} \Gamma$, and $\Delta; \Gamma \vdash_{\mathcal{IC}} G$,
then $\Delta; \Gamma' \vdash G$ has a proof of the same size.

Corollary 4.3

For any $\Delta$, $\Gamma$, $G$, $x$ and $u$, if $\Delta; \Gamma \vdash_{\mathcal{IC}} G$, then $\Delta[u/x]; \Gamma, x \approx u \vdash G[u/x]$ has a
proof of the same size.

Proof

By Lemma 4.1, $\Delta[u/x]; \Gamma[u/x] \vdash G[u/x]$ has a proof of the same size as $\Delta; \Gamma \vdash G$.
Hence, applying Lemma 4.2, $\Delta[u/x]; \Gamma, x \approx u \vdash G[u/x]$ has a proof of the same
size, because $\Gamma, x \approx u \vdash_{\mathcal{C}} \Gamma[u/x]$. □

The next lemma assures that free variables that appear only in the set of constraints
of a sequent can be considered as existentially quantified in the proof of
the sequent.

Lemma 4.4

For any $\Delta$, $\Gamma$, $C$, $G$, if $\Delta; \Gamma, C \vdash_{\mathcal{IC}} G$ and $x$ is a variable that does not appear free
in $\Delta$, $\Gamma$, $G$, then $\Delta; \Gamma, \exists x C \vdash G$ has a proof of the same size.



4.2 Uniform proofs

We are aiming at an abstract logic programming language in the sense of (Miller et al., 1991).
This means that uniform proofs must exist for all provable sequents. In our setting
the idea of uniform proof consists in breaking down a goal into its components until
obtaining an atomic formula or a constraint, before using the rules for introduction
of connectives on the left or resorting to constraint entailment.
More formally, the notion of uniform proof is as follows.

Definition 4.1

An $\mathcal{IC}$-proof is called uniform proof when each internal node in the proof tree is
a sequent whose right-hand side $G$ is neither a constraint nor an atomic formula.
Moreover the inference rule relating this node to its children must be one of the
right-introduction rules $(\vee_R)$, $(\wedge_R)$, $(\Rightarrow_R)$, $(\Rightarrow C_R)$, $(\forall_R)$, according to the
outermost logical symbol of $G$.

In order to prove that uniform proofs exist for all $\mathcal{IC}$-provable sequents, we follow
the same approach as in (Miller et al., 1991), showing that any given $\mathcal{IC}$-proof
can be transformed into a uniform proof. This is achieved by the next lemma.

Lemma 4.5 (Proof Transformation)

If $G$ is a goal, $\Delta$ a program and $\Gamma$ a set of constraint formulas, such that $\Delta; \Gamma \vdash G$
has a proof of size $l$, then:

1. For $G = A$, there are $n$ constraint formulas $C_1, \ldots, C_n$ ($n \ge 0$) and a formula
$\forall x_1 \ldots \forall x_n (G' \Rightarrow A')$ that is a variant of some formula in $elab(\Delta)$ such that
$x_1, \ldots, x_n$ are new distinct variables not appearing free in $\Delta$, $\Gamma$, $A$, where $x_i$
does not appear free in $C_1, \ldots, C_{i-1}$, for $1 < i \le n$, and $A'$ begins with the
same predicate symbol as $A$. In addition it holds:

(a) $\Gamma \vdash_{\mathcal{C}} \exists x_1 C_1$; $\Gamma, C_1 \vdash_{\mathcal{C}} \exists x_2 C_2$; $\Gamma, C_1, \ldots, C_{n-1} \vdash_{\mathcal{C}} \exists x_n C_n$.

(b) $\Gamma, C_1, \ldots, C_n \vdash_{\mathcal{C}} A' \approx A$.

(c) $\Delta; \Gamma, C_1, \ldots, C_n \vdash G'$ has a proof of size less than $l$, or $G' = \top$.

2. If $G = C$, then $\Gamma \vdash_{\mathcal{C}} C$.

3. If $G = G_1 \wedge G_2$, then $\Delta; \Gamma \vdash G_1$ and $\Delta; \Gamma \vdash G_2$ have proofs of size less than
$l$.

4. If $G = G_1 \vee G_2$, then $\Delta; \Gamma \vdash G_i$ has a proof of size less than $l$ for $i = 1$ or $2$.

5. If $G = D \Rightarrow G_1$, then $\Delta, D; \Gamma \vdash G_1$ has a proof of size less than $l$.

6. If $G = C \Rightarrow G_1$, then $\Delta; \Gamma, C \vdash G_1$ has a proof of size less than $l$.

7. For $G = \exists x G_1$, if $y$ is a variable not appearing free in $\Delta$, $\Gamma$, $G$, then there is
a constraint formula $C$ such that:

(a) $\Gamma \vdash_{\mathcal{C}} \exists y C$.

(b) $\Delta; \Gamma, C \vdash G_1[y/x]$ has a proof of size less than $l$.

8. If $G = \forall x G_1$, then $\Delta; \Gamma \vdash G_1[y/x]$ has a proof of size less than $l$, where $y$ is
a variable that does not appear free in $\Delta$, $\Gamma$, $G$.

Proof

We reason by induction on the size $l$ of the proof of $\Delta; \Gamma \vdash G$, analyzing cases
according to the last inference rule applied in the proof of the sequent $\Delta; \Gamma \vdash G$. A
detailed proof can be found in the Appendix. As novelties w.r.t. (Miller et al., 1991),
we must deal with constraints and with the new formulation of rules $(\exists_R)$, $(\forall_L)$.
Here we only sketch the case where $(\forall_L)$ is the last inference rule applied and
$G = \exists w G_1$. Let us show graphically the proof transformation, in which we will
essentially switch the applications of $(\forall_L)$ and $(\exists_R)$. By the induction hypothesis,
the initial proof has the form:

$$
\dfrac{\dfrac{\begin{array}{c}\Delta', D[u/x]; \Gamma, C' \wedge C, u \approx y \vdash G_1[z/w]\\ \uparrow\ \text{Cor. 4.3, Lem. 4.2}\\ \Delta', D[y/x]; \Gamma, C', C \vdash G_1[z/w]\end{array} \qquad \Gamma, C' \vdash_{\mathcal{C}} \exists z C}{\Delta', D[y/x]; \Gamma, C' \vdash \exists w G_1}\ (\exists_R) \qquad \Gamma \vdash_{\mathcal{C}} \exists y C'}{\Delta', \forall x D; \Gamma \vdash \exists w G_1}\ (\forall_L)
$$

where:

- $y$ is not free in $\Delta'$, $\forall x D$, $\Gamma$, $\exists w G_1$.

- $z$ is not free in $\Delta'$, $D[y/x]$, $\Gamma$, $C'$, $\exists w G_1$.

- $u$ is a new variable.

We can transform this into the following proof:

$$
\dfrac{\begin{array}{c}\dfrac{\Delta', D[u/x]; \Gamma, C' \wedge C, u \approx y \vdash G_1[z/w] \qquad \Gamma, C' \wedge C \vdash_{\mathcal{C}} \exists u (u \approx y)}{\Delta', \forall x D; \Gamma, C' \wedge C \vdash G_1[z/w]}\ (\forall_L)\\ \downarrow\ \text{Lem. 4.4}\\ \Delta', \forall x D; \Gamma, \exists y (C' \wedge C) \vdash G_1[z/w]\end{array} \qquad \Gamma \vdash_{\mathcal{C}} \exists z \exists y (C' \wedge C)}{\Delta', \forall x D; \Gamma \vdash \exists w G_1}
$$

where:

- $z$ is not free in $\Delta'$, $\forall x D$, $\Gamma$, $\exists w G_1$.

- $u$ is not free in $\Delta'$, $\forall x D$, $\Gamma$, $C' \wedge C$, $G_1[z/w]$. □

The next main theorem follows now as a straightforward consequence of the Proof
Transformation Lemma 4.5.

Theorem 4.6 (Uniform Proofs)

Every $\mathcal{IC}$-provable sequent has a uniform proof.

Proof

Given an $\mathcal{IC}$-provable sequent with a proof of size $l$, the existence of a uniform
proof is established reasoning by induction on $l$, using Lemma 4.5. □



4.3 The calculus UC 

Now we know that uniform proofs are complete for $\mathcal{IC}$, and their goal-oriented
format renders them close to the goal solving procedure we are looking for. However,
as an intermediate step we will present a second proof system $\mathcal{UC}$ for HH($\mathcal{C}$), which
will enjoy three properties:

a) $\mathcal{UC}$ and $\mathcal{IC}$ have the same provable sequents.

b) $\mathcal{UC}$ builds only Uniform proofs, and it is parameterized by a given Constraint
system.

c) $\mathcal{UC}$ replaces the left-introduction rules by a backchaining mechanism.

$\mathcal{UC}$-derivations are very close to our intended computations. Therefore, the $\mathcal{UC}$
system will be very useful for designing a sound and complete goal solving procedure
in the next section.

Provability in $\mathcal{UC}$ is defined as follows. $\Delta; \Gamma \vdash_{\mathcal{UC}} G$ if and only if the sequent
$\Delta; \Gamma \vdash G$ has a proof using the following rules:



• Axiom to deal with constraints:

$$\dfrac{\Gamma \vdash_{\mathcal{C}} C}{\Delta; \Gamma \vdash C}\ (C_R)$$

• Backchaining rule for atomic goals:

$$\dfrac{\Delta; \Gamma \vdash \exists x_1 \ldots \exists x_n ((A \approx A') \wedge G)}{\Delta; \Gamma \vdash A'}\ (Clause)$$

where $A$, $A'$ begin with the same predicate symbol and $\forall x_1 \ldots \forall x_n (G \Rightarrow A)$
is a variant of a formula of elab($\Delta$), where $x_1, \ldots, x_n$ do not appear free in
the sequent of the conclusion.

• Rules introducing the connectives and quantifiers of the goals:

$(\vee_R)$, $(\wedge_R)$, $(\Rightarrow C_R)$, $(\exists_R)$, $(\forall_R)$.

Defined as in the system $\mathcal{IC}$.

The structure of the rule (Clause), that encapsulates a backchaining mechanism,
corresponds to the method by which atomic goals, $A'$, will be solved by the goal
solving procedure to be presented in Section 5. As usual in logic programming, an
"instance" of a clause with head $A$ and body $G$ is searched, in such a way that
$A \approx A'$ and $G$ can be proved. By the definition of $\mathcal{UC}$, the existential quantification
on the right hand side of the premise sequent forces a search for this "instance"
(managed by means of constraints in our system). Note that a similar behaviour
would result from the application of $(\forall_L)$ if we would make use of $\mathcal{IC}$.

The next auxiliary lemma is needed to show that $\mathcal{UC}$ and $\mathcal{IC}$ have the same
deductive power. It can be viewed as a particular kind of cut elimination for $\mathcal{IC}$,
where the cut formula is taken from the elaboration of the program in the left
side of the sequent. We cannot apply directly any classical cut elimination result,
because constraint entailment is embedded into our proof system.

Lemma 4.7 (Elaboration)

For any $\Delta$, $\Gamma$, $A$ and $F \in$ elab($\Delta$): if $\Delta, F; \Gamma \vdash_{\mathcal{IC}} A$, then $\Delta; \Gamma \vdash_{\mathcal{IC}} A$.

Proof

It appears in the Appendix. □

Now we can prove the promised equivalence between $\mathcal{UC}$ and $\mathcal{IC}$.

Theorem 4.8

The proof systems $\mathcal{IC}$ and $\mathcal{UC}$ are equivalent. That means, for any program $\Delta$, for
any set of constraints $\Gamma$, and for any goal $G$ it holds:

$$\Delta; \Gamma \vdash_{\mathcal{IC}} G \text{ if and only if } \Delta; \Gamma \vdash_{\mathcal{UC}} G.$$

Proof 

We prove both implications by induction on the size of proofs. 

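Assuming $\Delta; \Gamma \vdash_{\mathcal{IC}} G$, we prove $\Delta; \Gamma \vdash_{\mathcal{UC}} G$ by case analysis on the structure
of $G$.

If $G \equiv A$, by the Proof Transformation Lemma (4.5) there are $n$ ($n \geq 0$)
constraints $C_1, \ldots, C_n$, a variant $\forall x_1 \ldots \forall x_n (G' \Rightarrow A')$ of some formula of
elab($\Delta$), with $x_1, \ldots, x_n$ new distinct variables, $x_i$ not appearing free in
$C_1, \ldots, C_{i-1}$, for $1 < i \leq n$, and $A$, $A'$ beginning with the same predicate
symbol, such that:

(a) $\Gamma \vdash_{\mathcal{C}} \exists x_1 C_1$; $\Gamma, C_1 \vdash_{\mathcal{C}} \exists x_2 C_2$; $\ldots$; $\Gamma, C_1, \ldots, C_{n-1} \vdash_{\mathcal{C}} \exists x_n C_n$.

(b) $\Gamma, C_1, \ldots, C_n \vdash_{\mathcal{C}} A' \approx A$.

(c) $\Delta; \Gamma, C_1, \ldots, C_n \vdash_{\mathcal{IC}} G'$, with a shorter proof, or $G' \equiv \top$.

By (b) and $(C_R)$, $\Delta; \Gamma, C_1, \ldots, C_n \vdash_{\mathcal{UC}} A' \approx A$. By (c) and the induction
hypothesis, $\Delta; \Gamma, C_1, \ldots, C_n \vdash_{\mathcal{UC}} G'$. Note that if $G' \equiv \top$, the proof of
this sequent is a direct consequence of the rule $(C_R)$. So applying $(\wedge_R)$,
$\Delta; \Gamma, C_1, \ldots, C_n \vdash_{\mathcal{UC}} (A' \approx A) \wedge G'$. Now, in accordance with (a) and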






the conditions on $x_1, \ldots, x_n$, it is possible to apply $(\exists_R)$ $n$ times obtaining
$\Delta; \Gamma \vdash_{\mathcal{UC}} \exists x_1 \ldots \exists x_n ((A' \approx A) \wedge G')$. Therefore, using (Clause), $\Delta; \Gamma \vdash_{\mathcal{UC}} A$.
The cases for non atomic formulas are immediate due to the Proof Transformation
Lemma (4.5), the definition of $\mathcal{UC}$ and the induction hypothesis.
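$\Leftarrow$) Let us also prove only the atomic case, the others are proved using the induction
hypothesis and the definition of the calculi $\mathcal{UC}$, $\mathcal{IC}$.
Assume $\Delta; \Gamma \vdash_{\mathcal{UC}} A$, then by the definition of $\mathcal{UC}$ the rule (Clause) has been
applied and $\Delta; \Gamma \vdash_{\mathcal{UC}} \exists x_1 \ldots \exists x_n ((A' \approx A) \wedge G')$, with a shorter proof, where
$\forall x_1 \ldots \forall x_n (G' \Rightarrow A')$ is a variant of a formula of elab($\Delta$) with $x_1, \ldots, x_n$ new
variables and $A$, $A'$ beginning with the same predicate symbol. Because of
the form of $\mathcal{UC}$'s inference rules, the only way to derive this sequent is by $n$
successive applications of $(\exists_R)$. Since $x_1, \ldots, x_n$ are new$^2$, we can assume:

(a) $\Gamma \vdash_{\mathcal{C}} \exists x_1 C_1$; $\Gamma, C_1 \vdash_{\mathcal{C}} \exists x_2 C_2$; $\ldots$; $\Gamma, C_1, \ldots, C_{n-1} \vdash_{\mathcal{C}} \exists x_n C_n$.

(b) $\Delta; \Gamma, C_1, \ldots, C_n \vdash_{\mathcal{UC}} (A' \approx A) \wedge G'$, with a shorter proof.

Then by (b) and according to the definition of $\mathcal{UC}$, $\Delta; \Gamma, C_1, \ldots, C_n \vdash_{\mathcal{UC}} A' \approx A$
and $\Delta; \Gamma, C_1, \ldots, C_n \vdash_{\mathcal{UC}} G'$ with shorter proofs. Therefore, by the
induction hypothesis,

$$\Delta; \Gamma, C_1, \ldots, C_n \vdash_{\mathcal{IC}} A' \approx A \quad (\dagger) \text{ and}$$
$$\Delta; \Gamma, C_1, \ldots, C_n \vdash_{\mathcal{IC}} G' \quad (\ddagger).$$

$(\dagger)$ implies $\Gamma, C_1, \ldots, C_n \vdash_{\mathcal{C}} A' \approx A$, by the Proof Transformation Lemma
(4.5). Then, by (Atom),

$$\Delta, A'; \Gamma, C_1, \ldots, C_n \vdash_{\mathcal{IC}} A \quad (\circ),$$

so applying $(\Rightarrow_L)$ to $(\ddagger)$ and $(\circ)$,

$$\Delta, G' \Rightarrow A'; \Gamma, C_1, \ldots, C_n \vdash_{\mathcal{IC}} A.$$

Now by $n$ applications of $(\forall_L)$, using (a) and the conditions on $x_1, \ldots, x_n$, we
obtain

$$\Delta, \forall x_1 \ldots \forall x_n (G' \Rightarrow A'); \Gamma \vdash_{\mathcal{IC}} A.$$

Therefore by the Elaboration Lemma (4.7) $\Delta; \Gamma \vdash_{\mathcal{IC}} A$. □

The properties stated in Lemma fOl and Lemma 4.4 hold also for $\mathcal{UC}$-derivability.
This is ensured by the next two lemmas that are proved in the Appendix.

2 Without loss of generality we can consider that $x_i$ does not appear free in $C_1, \ldots, C_{i-1}$, for
$1 < i \leq n$.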
Lemma

For any $\Delta$, $\Gamma$, $G$, if $\Gamma'$ is a set of constraints such that $\Gamma' \vdash_{\mathcal{C}} \Gamma$, and $\Delta; \Gamma \vdash_{\mathcal{UC}} G$,
then $\Delta; \Gamma' \vdash G$ has a $\mathcal{UC}$-proof of the same size.

Lemma 4.10

For any $\Delta$, $\Gamma$, $C$, $G$, if $\Delta; \Gamma, C \vdash_{\mathcal{UC}} G$ and $x$ is a variable that does not appear free
in $\Delta$, $\Gamma$, $G$, then $\Delta; \Gamma, \exists x C \vdash G$ has a $\mathcal{UC}$-proof of the same size.

From now on we will work only with the calculus $\mathcal{UC}$.

5 A Goal Solving Procedure 

We now turn to the view of HH($\mathcal{C}$) as a logic programming language. Solving a goal
$G$ using a program $\Delta$ means finding a $\mathcal{C}$-satisfiable constraint $R$ such that

$$\Delta; R \vdash_{\mathcal{UC}} G.$$

Any constraint $R$ with this property is called a correct answer constraint. For instance,
$R \equiv x^2 \leq 1/2$ is a correct answer constraint for the disc example, as shown
in the introduction.

We will present a goal solving procedure as a transition system. Goal solving will 
proceed by transforming an initial state through a sequence of intermediate states, 
ending in a final state. Each state will conserve the goals that remain to be solved 
and a partially calculated answer constraint. The final state will not have any goal 
to be solved. In the following we will formalize these ideas and show soundness and 
completeness of the proposed procedure. 

Definition 5.1 

A state w.r.t. a finite set of variables $V$, written $\mathcal{S}$, has the form $\Pi[S \Box \mathcal{G}]$ where:
$\mathcal{G}$ is a multiset of triples $\langle \Delta, C, G \rangle$ ($\Delta$ local program, $C$ local constraint formula
and $G$ local goal). $\Pi$ is a quantifier prefix $Q_1 x_1 \ldots Q_k x_k$ where $x_1, \ldots, x_k$ are distinct
variables not belonging to $V$, and every $Q_i$, $1 \leq i \leq k$, is the quantifier $\forall$ or $\exists$. $S$ is
a global constraint formula.

This complex notion of state is needed because the goal solving transformations,
presented below, introduce local clauses and local constraints. Of course, local
clauses also arise in HH, see (Nadathur, 1993). Initial states are quite simple as
can be seen in Definition 5.3.

We say that a state $\Pi[S \Box \mathcal{G}]$ is satisfiable iff the associated constraint formula $\Pi S$,
also called partially calculated answer constraint, is $\mathcal{C}$-satisfiable.

If $\Pi'$, $\Pi$ are quantifier prefixes such that $\Pi'$ coincides with the first $k$ elements of
$\Pi$, $0 \leq k \leq n$, where $n$ is the number of elements of $\Pi$, then $\Pi - \Pi'$ represents the
result of eliminating $\Pi'$ of $\Pi$. For instance $\forall x \forall y \exists z \forall u \exists v - \forall x \forall y \exists z = \forall u \exists v$.

To represent a multiset $\mathcal{G}$, we will simply write its elements separated by commas,
assuming that repetitions are relevant but ordering is not. In particular, the notation
$\mathcal{G}, \langle \Delta, C, G \rangle$ stands for any multiset which includes at least one occurrence of the
triple $\langle \Delta, C, G \rangle$.

Definition 5.2 (Rules for transformation of states) 

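The transformations permitting to pass from a state $\mathcal{S}$ w.r.t. a set of variables $V$,
to another state $\mathcal{S}'$ w.r.t. $V$, written as $\mathcal{S} \Vdash \mathcal{S}'$, are the following:

i) Conjunction.

$\Pi[S \Box \mathcal{G}, \langle \Delta, C, G_1 \wedge G_2 \rangle] \Vdash \Pi[S \Box \mathcal{G}, \langle \Delta, C, G_1 \rangle, \langle \Delta, C, G_2 \rangle]$.

ii) Disjunction.

$\Pi[S \Box \mathcal{G}, \langle \Delta, C, G_1 \vee G_2 \rangle] \Vdash \Pi[S \Box \mathcal{G}, \langle \Delta, C, G_i \rangle]$, for $i = 1$ or $2$
(don't know choice).

iii) Implication with local clause.

$\Pi[S \Box \mathcal{G}, \langle \Delta, C, D \Rightarrow G \rangle] \Vdash \Pi[S \Box \mathcal{G}, \langle \Delta \cup \{D\}, C, G \rangle]$.

iv) Implication with local constraint.

$\Pi[S \Box \mathcal{G}, \langle \Delta, C, C' \Rightarrow G \rangle] \Vdash \Pi[S \Box \mathcal{G}, \langle \Delta, C \wedge C', G \rangle]$.

v) Existential quantification.

$\Pi[S \Box \mathcal{G}, \langle \Delta, C, \exists x G \rangle] \Vdash \Pi \exists w [S \Box \mathcal{G}, \langle \Delta, C, G[w/x] \rangle]$,
where $w$ does not appear in $\Pi$ nor in $V$.

vi) Universal quantification.

$\Pi[S \Box \mathcal{G}, \langle \Delta, C, \forall x G \rangle] \Vdash \Pi \forall w [S \Box \mathcal{G}, \langle \Delta, C, G[w/x] \rangle]$,
where $w$ does not appear in $\Pi$ nor in $V$.

vii) Constraint.

$\Pi[S \Box \mathcal{G}, \langle \Delta, C, C' \rangle] \Vdash \Pi[S \wedge (C \Rightarrow C') \Box \mathcal{G}]$.
If $\Pi(S \wedge (C \Rightarrow C'))$ is $\mathcal{C}$-satisfiable.

viii) Clause of the program.

$\Pi[S \Box \mathcal{G}, \langle \Delta, C, A \rangle] \Vdash \Pi[S \Box \mathcal{G}, \langle \Delta, C, \exists x_1 \ldots \exists x_n ((A' \approx A) \wedge G) \rangle]$.
Provided that $\forall x_1 \ldots \forall x_n (G \Rightarrow A')$ is a variant of some clause in elab($\Delta$)
(don't know choice), $x_1, \ldots, x_n$ do not appear in $\Pi$ nor in $V$, and $A'$, $A$ begin
with the same predicate symbol.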

Note that every transformation can be applied to an arbitrary triple $\langle \Delta, C, G \rangle$
within the state, since $\mathcal{G}$ is viewed as a multiset. Moreover, all choices involved
in carrying out a sequence of state transformations are don't care, except those
explicitly labeled as don't know in transformations ii) and viii) above. One can
commit to don't care choices without compromising completeness. In other words:
at the implementation level, backtracking is needed only for don't know choices.
The following definition formalizes the setting needed for goal solving.

Definition 5.3 

The initial state for a program $\Delta$ and a goal $G$ is a state w.r.t. the set of free
variables of $\Delta$ and $G$ consisting in $\mathcal{S}_0 \equiv [\top \Box \langle \Delta, \top, G \rangle]$.

A resolution of a goal $G$ from a program $\Delta$ is a finite sequence of states w.r.t. the
free variables of $\Delta$ and $G$, $\mathcal{S}_0, \ldots, \mathcal{S}_n$, such that:

• $\mathcal{S}_0$ is the initial state for $\Delta$ and $G$.

• $\mathcal{S}_{i-1} \Vdash \mathcal{S}_i$, $1 \leq i \leq n$, by means of any of the transformation rules.

• The final state $\mathcal{S}_n$ has the form $\Pi_n[S_n \Box \emptyset]$.

The constraint $\Pi_n S_n$ is called the answer constraint of this resolution.

Example 5.1 

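Using $\Delta$, $G$ and $R$ as given in the disc example (see the Introduction) it is possible
to build a resolution of $G$ from $\Delta$ with answer constraint $R$ as follows:

$[\top \Box \langle \Delta, \top, \forall y (y^2 \leq 1/2 \Rightarrow disc(x, y)) \rangle] \Vdash_{vi)}$
$\forall y [\top \Box \langle \Delta, \top, y^2 \leq 1/2 \Rightarrow disc(x, y) \rangle] \Vdash_{iv)}$
$\forall y [\top \Box \langle \Delta, y^2 \leq 1/2, disc(x, y) \rangle] \Vdash_{viii)}$
$\forall y [\top \Box \langle \Delta, y^2 \leq 1/2, \exists u \exists v (x \approx u \wedge y \approx v \wedge u^2 + v^2 \leq 1) \rangle] \Vdash_{vii)}$
$\forall y [y^2 \leq 1/2 \Rightarrow \exists u \exists v (x \approx u \wedge y \approx v \wedge u^2 + v^2 \leq 1) \Box \emptyset]$

since $\forall y (y^2 \leq 1/2 \Rightarrow \exists u \exists v (x \approx u \wedge y \approx v \wedge u^2 + v^2 \leq 1))$ is $\mathcal{R}$-satisfiable.
So the answer constraint is

$$\forall y (y^2 \leq 1/2 \Rightarrow \exists u \exists v (x \approx u \wedge y \approx v \wedge u^2 + v^2 \leq 1))$$
$$\dashv\vdash_{\mathcal{R}} \forall y (y^2 \leq 1/2 \Rightarrow x^2 + y^2 \leq 1) \dashv\vdash_{\mathcal{R}} x^2 \leq 1/2. \quad \Box$$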

For CLP programs, the goal transformations ii), iii), iv) and vi) can never be
applied. Therefore, the state remains of the form $\Pi[S \Box \mathcal{G}]$, where $\Pi$ includes only
existential quantifiers and $\mathcal{G}$ is a multiset of triples $\langle \Delta, C, G \rangle$ such that $\Delta$ is the global
program. For states of this kind, the goal transformations i), v), vii) and viii)
specify constrained SLD resolution, as used in CLP; see e.g. (Jaffar and Maher, 1994;
Jaffar et al., 1996). On the other hand, traditional HH programs can be emulated
in our framework by using the Herbrand constraint system $\mathcal{H}$ and avoiding
constraints in programs and initial goals. Then transformation iv) becomes useless,
and the remaining goal transformations can be viewed as a more abstract
formulation of the goal solving procedure from (Nadathur, 1993). Transformation viii)
introduces equational constraints in intermediate goals, and in transformation vii)
the local constraint $C$ is simply $\top$. Therefore, $\Pi(S \wedge (C \Rightarrow C'))$ is equivalent to
$\Pi(S \wedge C')$, where $S \wedge C'$ can be assumed to be a conjunction of equations. Checking
$\mathcal{H}$-satisfiability of $\Pi(S \wedge C')$ corresponds to solving a unification problem under a
mixed prefix in (Nadathur, 1993).

Admittedly, the labeled unification algorithm presented in (Nadathur, 1993) is
closer to an actual implementation, while our description of goal solving is more
abstract. Note, however, that the goal solving transformations are open to efficient
implementation techniques. In particular, when vii) adds a new constraint to the
global constraint $S$, the satisfiability of the new partially calculated answer
constraint should be checked incrementally, without repeating all the work previously
done for $\Pi S$. Of course, delaying the constraint satisfiability checks until the end
is neither necessary nor convenient.

5.1 Soundness 

Soundness of the goal solving procedure means that if $R$ is the answer constraint
of a resolution of a goal $G$ from a program $\Delta$, then the sequent $\Delta; R \vdash G$ has a
$\mathcal{UC}$-proof.

The soundness theorem is based on two auxiliary results. The first one ensures 
that states remain satisfiable along any resolution. 

Lemma 5.1 

Let $\mathcal{S}_0, \ldots, \mathcal{S}_n$ be a resolution of a goal $G$ from a program $\Delta$, and $V$ the set of
free variables of $\Delta$ and $G$. Then, for any $i$, $0 \leq i \leq n$, if $\mathcal{S}_i \equiv \Pi_i[S_i \Box \mathcal{G}_i]$, then the
following properties are satisfied:

1. The free variables of the formulas of $\mathcal{G}_i$, and $S_i$ are in $\Pi_i$ or in $V$.

2. $\mathcal{S}_i$ is satisfiable.

Proof

The first property is a consequence of the procedure used to build the prefix of a
state. The initial state satisfies it by definition, and when passing from state $\mathcal{S}_{i-1}$
to state $\mathcal{S}_i$, $1 \leq i \leq n$, if we include new free variables, these will be quantified
universally or existentially by $\Pi_i$.

For the second property, note that $S_0 \equiv \top$ by definition. Moreover, for each
transformation step $\mathcal{S}_{i-1} \Vdash \mathcal{S}_i$, one of the three following cases applies:

• $S_i \not\equiv S_{i-1}$. Then the transition must correspond to the transformation vii)
which requires $\mathcal{C}$-satisfiability of $\Pi_i(S_i)$.

• $S_i \equiv S_{i-1}$ and $\Pi_i \equiv \Pi_{i-1}$. This case is trivial.

• $S_i \equiv S_{i-1}$ and $\Pi_i \equiv \Pi_{i-1} Q w$, where $Q$ is $\forall$ or $\exists$ and $w$ is a new variable not
free in $S_{i-1}$, and not occurring in $\Pi_{i-1}$. Under these conditions,

$$\Pi_i S_i \equiv \Pi_{i-1} Q w S_{i-1} \dashv\vdash_{\mathcal{C}} \Pi_{i-1} S_{i-1},$$

and $\mathcal{C}$-satisfiability propagates from $\Pi_{i-1} S_{i-1}$ to $\Pi_i S_i$. □

The second auxiliary lemma means that correct answer constraints are preserved 
by any resolution step. 

Lemma 5.2 

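Assume $\mathcal{S} \equiv \Pi[S \Box \mathcal{G}]$ and $\mathcal{S}' \equiv \Pi\Pi'[S' \Box \mathcal{G}']$ are two states w.r.t. a set of variables
$V$, such that $\mathcal{S} \Vdash \mathcal{S}'$. If $R'$ is a constraint with its free variables in $\Pi\Pi'$ or in $V$, and
such that $R' \vdash_{\mathcal{C}} S'$ and for any $\langle \Delta', C', G' \rangle \in \mathcal{G}'$, $\Delta'; R', C' \vdash_{\mathcal{UC}} G'$, then $\Pi' R' \vdash_{\mathcal{C}} S$
and for any $\langle \Delta, C, G \rangle \in \mathcal{G}$, $\Delta; \Pi' R', C \vdash_{\mathcal{UC}} G$.

Proof

We analyze the different cases, according to the transformation applied. We show
here the first case, the other cases appear in the Appendix.

i) Conjunction. $\Pi'$ is empty and $S \equiv S'$, so $\Pi' R' \vdash_{\mathcal{C}} S$ obviously. On the other
hand, let $\langle \Delta, C, G \rangle \in \mathcal{G}$:

If $\langle \Delta, C, G \rangle \in \mathcal{G}'$, then $\Delta; \Pi' R', C \vdash_{\mathcal{UC}} G$ by hypothesis, since $\Pi' R' \equiv R'$.
If $\langle \Delta, C, G \rangle \notin \mathcal{G}'$, then $G \equiv G_1 \wedge G_2$ and $\langle \Delta, C, G_1 \rangle, \langle \Delta, C, G_2 \rangle \in \mathcal{G}'$. Therefore
$\Delta; \Pi' R', C \vdash_{\mathcal{UC}} G_1$ and $\Delta; \Pi' R', C \vdash_{\mathcal{UC}} G_2$, by hypothesis, since $\Pi' R' \equiv R'$,
and consequently $\Delta; \Pi' R', C \vdash_{\mathcal{UC}} G$, by applying $(\wedge_R)$. □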

Theorem 5.3 (Soundness) 

Let $\Delta$ be any program. If $G$ is a goal such that there is a resolution $\mathcal{S}_0, \ldots, \mathcal{S}_n$ of $G$
from $\Delta$ with answer constraint $R \equiv \Pi_n S_n$, then $R$ is $\mathcal{C}$-satisfiable and $\Delta; R \vdash_{\mathcal{UC}} G$.

Proof

The proof is direct from the previous lemmas. $\mathcal{C}$-satisfiability of $R$ is a consequence
of item 2 of Lemma 5.1. Besides using Lemma 5.2 we can prove, that for $0 \leq i \leq n$,
$\Delta; (\Pi_n - \Pi_i) S_n, C \vdash_{\mathcal{UC}} G$, for any $\langle \Delta, C, G \rangle \in \mathcal{G}_i$, and $(\Pi_n - \Pi_i) S_n \vdash_{\mathcal{C}} S_i$.
The case $i = 0$ of this result assures the theorem. Let us prove it by induction
on the construction of $\mathcal{S}_0, \ldots, \mathcal{S}_n$, but beginning from the last state. The base
case is obvious because $\mathcal{G}_n = \emptyset$ and $(\Pi_n - \Pi_n) S_n \vdash_{\mathcal{C}} S_n$ holds trivially. For the
induction step, we suppose the result for $\mathcal{S}_{i+1}, \ldots, \mathcal{S}_n$, and we prove it for $\mathcal{S}_i$. Taking
$(\Pi_n - \Pi_{i+1}) S_n$ as the constraint $R'$ of Lemma 5.2, the induction hypothesis for
$i + 1$ indicates that the conditions of Lemma 5.2 are satisfied for $\mathcal{S}' \equiv \mathcal{S}_{i+1}$, then
this lemma affirms that the result is true for $\mathcal{S}_i$ as we wanted to prove. □
5.2 Completeness

Completeness of the goal solving procedure states that given a program $\Delta$, and a
goal $G$ such that $\Delta; R_0 \vdash_{\mathcal{UC}} G$ for a $\mathcal{C}$-satisfiable constraint $R_0$, there is a resolution
of $G$ from $\Delta$ with answer constraint $R$ that is entailed by $R_0$ in the constraint system
$\mathcal{C}$, i.e. $R_0 \vdash_{\mathcal{C}} R$. Of course this entailment means that the computed answer $R$ is
at least as general as the given correct answer $R_0$.

In order to prove this result, we introduce a well-founded ordering which measures
the complexity of proving that a given constraint is a correct answer for a given
state. The ordering is based on multisets.

Definition 5.4

Let $\Delta$ be a program, $G$ a goal, and $C$, $R$, constraints such that $\Delta; R, C \vdash_{\mathcal{UC}} G$,
then we define $\tau_R(\Delta, C, G)$ as the size of the shortest $\mathcal{UC}$-proof of the sequent
$\Delta; R, C \vdash G$.

Let $\mathcal{G}$ be a multiset of triples $\langle \Delta, C, G \rangle$. We define $\mathcal{M}_{\mathcal{G}R}$ as the multiset of sizes
$\tau_R(\Delta, C, G)$, where the multiplicity of $\tau_R(\Delta, C, G)$ in $\mathcal{M}_{\mathcal{G}R}$ coincides with the
multiplicity of $\langle \Delta, C, G \rangle$ in $\mathcal{G}$.

We use the notation $\ll$ for the well-founded multiset ordering (Dershowitz and Manna, 1979)
induced by the ordering $<$ over the natural numbers.

Next, we show that as long as a state can be transformed, the transformation
can be chosen to yield a smaller state with respect to $\ll$, while essentially keeping
a given answer constraint $R$.

Lemma 5.4 

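Let $\mathcal{S} \equiv \Pi[S \Box \mathcal{G}]$ be a non-final state w.r.t. a set of variables $V$, and let $R$ be a
constraint such that $\Pi R$ is $\mathcal{C}$-satisfiable and $R \vdash_{\mathcal{C}} S$. If $\Delta; R, C \vdash_{\mathcal{UC}} G$ for all
$\langle \Delta, C, G \rangle \in \mathcal{G}$, then we can find a rule transforming $\mathcal{S}$ in a state $\mathcal{S}' \equiv \Pi'[S' \Box \mathcal{G}']$
($\mathcal{S} \Vdash \mathcal{S}'$) and a constraint $R'$ such that:

1. $\Pi R \vdash_{\mathcal{C}} \Pi' R'$ and $R' \vdash_{\mathcal{C}} S'$.

2. $\Delta'; R', C' \vdash_{\mathcal{UC}} G'$ for all $\langle \Delta', C', G' \rangle \in \mathcal{G}'$. Moreover $\mathcal{M}_{\mathcal{G}'R'} \ll \mathcal{M}_{\mathcal{G}R}$.

Proof

By induction on the structure of $G$, where $\langle \Delta, C, G \rangle \in \mathcal{G}$, analyzing cases. We show
here an illustrative case, the proof for the other cases appears in the Appendix.

If $G$ has the form $\exists x G_1$, applying the transformation v) we obtain $\mathcal{S}'$. Let $w$ be the
variable used in the substitution involved in this transformation, $w$ does not appear
in $\Pi$, $V$, and we can choose it also not free in $R$. By hypothesis $\Delta; R, C \vdash \exists x G_1$
has a proof of size $l$, then by the definition of $\mathcal{UC}$, there is a constraint formula $C_1$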






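such that $\Delta; R, C, C_1 \vdash G_1[w/x]$ has a proof of size less than $l$ and $R, C \vdash_{\mathcal{C}} \exists w C_1$.
Let $R' \equiv R \wedge (C \Rightarrow C_1)$.

1. $R \vdash_{\mathcal{C}} \exists w (R \wedge (C \Rightarrow C_1))$, since $w$ is not free in $R$, $C$, and $R, C \vdash_{\mathcal{C}} \exists w C_1$,
therefore $\Pi R \vdash_{\mathcal{C}} \Pi \exists w (R \wedge (C \Rightarrow C_1)) \equiv \Pi' R'$. Moreover, $S' \equiv S$, $R' \vdash_{\mathcal{C}} R$ and
$R \vdash_{\mathcal{C}} S$ implies $R' \vdash_{\mathcal{C}} S'$.

2. Let $\langle \Delta', C', G' \rangle \in \mathcal{G}'$. If $\langle \Delta', C', G' \rangle \in \mathcal{G}$, then $\Delta'; R, C' \vdash_{\mathcal{UC}} G'$ by
hypothesis, and therefore, using $R' \vdash_{\mathcal{C}} R$ and Lemma 4.9, $\Delta'; R', C' \vdash_{\mathcal{UC}} G'$ and
$\tau_{R'}(\Delta', C', G') \leq \tau_R(\Delta', C', G')$.

If $\langle \Delta', C', G' \rangle \notin \mathcal{G}$, then $G' \equiv G_1[w/x]$, $\Delta' \equiv \Delta$ and $C' \equiv C$. $\Delta; R', C \vdash G_1[w/x]$ will
also have a proof of size less than $l$, since $\Delta; R, C, C_1 \vdash G_1[w/x]$ has such a proof, due
to $R', C \vdash_{\mathcal{C}} R, C, C_1$ and Lemma BJ So $\Delta'; R', C' \vdash_{\mathcal{UC}} G'$ for all $\langle \Delta', C', G' \rangle \in \mathcal{G}'$,
$\tau_{R'}(\Delta', C', G') < \tau_R(\Delta, C, G)$, and $\mathcal{M}_{\mathcal{G}'R'} \ll \mathcal{M}_{\mathcal{G}R}$. □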

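Theorem 5.5 (Completeness)

Let $\Delta$ be a program, $G$ a goal and $R_0$ a $\mathcal{C}$-satisfiable constraint such that
$\Delta; R_0 \vdash_{\mathcal{UC}} G$. Then there is a resolution of $G$ from $\Delta$ with answer constraint $R$ such that
$R_0 \vdash_{\mathcal{C}} R$.

Proof

Using Lemma 5.4 we can build a sequence $\mathcal{S}_0 \Vdash \mathcal{S}_1 \Vdash \ldots \Vdash \mathcal{S}_n$ of state
transformations, ($\mathcal{S}_i \equiv \Pi_i[S_i \Box \mathcal{G}_i]$, $0 \leq i \leq n$), that is a resolution of $G$ from $\Delta$, and a
sequence of constraints $R_0, \ldots, R_n$ satisfying that for all $i$, $1 \leq i \leq n$:

• $R_0 \vdash_{\mathcal{C}} \Pi_i R_i$,

• $R_i \vdash_{\mathcal{C}} S_i$,

• $\Delta'; R_i, C' \vdash_{\mathcal{UC}} G'$, for all $\langle \Delta', C', G' \rangle \in \mathcal{G}_i$.

We use an inductive construction that is guaranteed to terminate thanks to the
well-founded ordering $\ll$. Let $\mathcal{S}_0 \equiv [\top \Box \langle \Delta, \top, G \rangle]$ be the initial state for $\Delta$ and
$G$, which we know is not final, if we take $R_0$ as the constraint given by the theorem's
hypothesis, we obtain $R_0 \vdash_{\mathcal{C}} \Pi_0 R_0$ and $R_0 \vdash_{\mathcal{C}} S_0$, since $\Pi_0$ is empty and $S_0 \equiv \top$.
Moreover, by hypothesis, $\Delta; R_0 \vdash_{\mathcal{UC}} G$ is satisfied, and then also $\Delta; R_0, \top \vdash_{\mathcal{UC}} G$
because of $R_0, \top \vdash_{\mathcal{C}} R_0$ and Lemma 4.9.

Assume the result true for $\mathcal{S}_0, \ldots, \mathcal{S}_i$, if the state $\mathcal{S}_i$ is not final, then $\mathcal{S}_i$ and $R_i$
fulfill the hypothesis of Lemma 5.4, thus there will be a state $\mathcal{S}_{i+1}$ ($\mathcal{S}_i \Vdash \mathcal{S}_{i+1}$) and
a constraint $R_{i+1}$ such that $R_{i+1} \vdash_{\mathcal{C}} S_{i+1}$ and $\Pi_i R_i \vdash_{\mathcal{C}} \Pi_{i+1} R_{i+1}$ $(\dagger)$. Furthermore,
for all $\langle \Delta', C', G' \rangle \in \mathcal{G}_{i+1}$, $\Delta'; R_{i+1}, C' \vdash_{\mathcal{UC}} G'$ and $\mathcal{M}_{\mathcal{G}_{i+1}R_{i+1}} \ll \mathcal{M}_{\mathcal{G}_iR_i}$.
Therefore, by the induction hypothesis, $R_0 \vdash_{\mathcal{C}} \Pi_i R_i$, and with $(\dagger)$ we obtain
$R_0 \vdash_{\mathcal{C}} \Pi_{i+1} R_{i+1}$. By successive iteration, as $\ll$ is well-founded, we must eventually
get a final state $\mathcal{S}_n$ that will in fact satisfy $R_0 \vdash_{\mathcal{C}} \Pi_n R_n$ and $R_n \vdash_{\mathcal{C}} S_n$ and
so $R_0 \vdash_{\mathcal{C}} \Pi_n S_n$, where $\Pi_n S_n \equiv R$ is the answer constraint of $\mathcal{S}_0, \ldots, \mathcal{S}_n$. In this
way we conclude $R_0 \vdash_{\mathcal{C}} R$. □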

For HH($\mathcal{H}$) programs such that constraints appear neither in the left-hand side
of implications nor in initial goals, Theorem 5.5 implies an alternative formulation
of the completeness theorem given in (Nadathur, 1993) for a goal solving procedure
for first-order HH. In our opinion, using constraints and constraint satisfiability
instead of substitutions and unification under a mixed prefix, that requires low
level representation details, we gain a more abstract presentation. For CLP programs,
Theorem 5.5 becomes a stronger form of completeness, in comparison to
the strong completeness theorem for success given in (Maher, 1987), Th. 2 (see also
(Jaffar et al., 1996), Th. 4.12). There, assuming $\Delta; R \models_{\mathcal{C}} G$, the conclusion is that
$R \vdash_{\mathcal{C}} \bigvee_{i=1}^{m} R_i$ where $R_1, \ldots, R_m$ are answer constraints computed in $m$ different
resolutions of $G$ from $\Delta$. Example 5.2 below was used in (Maher, 1987) to illustrate
the need of considering disjunctions of computed answers. In fact, there is no single
computed answer $R_0$ such that $R \vdash_{\mathcal{H}} R_0$. However, this fact doesn't contradict
Theorem 5.5 because $\Delta; R \vdash G$ is not $\mathcal{UC}$-derivable, as we will see immediately.

Example 5.2 

This example is borrowed from (Maher, 1987). It belongs to the instance HH($\mathcal{H}$)
given by the Herbrand constraint system. Consider

$\Delta \equiv \{D_1, D_2\}$, with $D_1 \equiv p(a, b)$, $D_2 \equiv \forall x (x \not\approx a \Rightarrow p(x, b))$,

$G \equiv p(x, y)$,

$R \equiv y \approx b$.

Up to trivial syntactic variants, this is a CLP($\mathcal{H}$)-program. According to the model
theoretic semantics of CLP($\mathcal{H}$), we get $\Delta; R \models_{\mathcal{H}} G$, because either $x \approx a$ or $x \not\approx a$
will hold in each $\mathcal{H}$-model of $\Delta \cup \{R\}$. In contrast to this, in $\mathcal{UC}$ we only can derive
$\Delta; R \wedge x \approx a \vdash G$ (using $D_1$) and $\Delta; R \wedge x \not\approx a \vdash G$ (using $D_2$). And it is easy to
check that both answers $R \wedge x \approx a$ and $R \wedge x \not\approx a$ can be computed by the goal
solving transformations. But we do not obtain $\Delta; R \vdash_{\mathcal{UC}} G$. Since $R \nvdash_{\mathcal{H}} x \approx a$,
$R \nvdash_{\mathcal{H}} x \not\approx a$, neither $D_1$ nor $D_2$ can be used to build a $\mathcal{UC}$-proof. □

The example shows a difference between the model-theoretic semantics used in
CLP (Maher, 1987) and our proof-theoretical semantics, based on provability in the
calculus $\mathcal{UC}$. The latter deals with the logical symbols in goals and clauses according
to the inference rules of intuitionistic logic. Therefore $\mathcal{UC}$-provability turns out to
be more constructive than CLP's model-theoretic semantics, and thus closer to
constrained resolution. This is the ultimate reason why our completeness Theorem
5.5 involves no disjunction of computed answers.

As an illustration of the goal solving procedure, we show next the detailed resolution
of the second goal from Example 2.3.

Example 5.3 

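Let us recall the program and goal from Example 2.3. As usual in programming
practice, we write program clauses $\forall x_1 \ldots \forall x_n (G \Rightarrow A)$ in the form $A \Leftarrow G$$^3$.

$\Delta \equiv \{$ $mortgage(P, T, I, M, B) \Leftarrow 0 \leq T \wedge T \leq 3 \wedge$
$\qquad TotalInt \approx T * (P * I/1200) \wedge B \approx P + TotalInt - (T * M)$,
$\quad mortgage(P, T, I, M, B) \Leftarrow T > 3 \wedge QuartInt \approx 3 * (P * I/1200) \wedge$
$\qquad mortgage(P + QuartInt - 3 * M, T - 3, I, M, B)$
$\}$

$G \equiv \forall M \forall P (0.9637 \leq P/(6 * M) \leq 0.97 \Rightarrow$
$\qquad \exists I (0 \leq Imin \leq I \leq Imax \wedge mortgage(P, 6, I, M, 0)))$.

We present a resolution of $G$ from $\Delta$, using the state transformation rules i) to
viii) from Definition 5.2.

$[\top \Box \langle \Delta, \top, G \rangle]$

$\Vdash_{vi)}$

$\forall M \forall P [\top \Box \langle \Delta, \top, 0.9637 \leq P/(6 * M) \leq 0.97 \Rightarrow \exists I (0 \leq Imin \leq I \leq Imax \wedge mortgage(P, 6, I, M, 0)) \rangle]$

$\Vdash_{iv)}$

$\forall M \forall P [\top \Box \langle \Delta, 0.9637 \leq P/(6 * M) \leq 0.97, \exists I (0 \leq Imin \leq I \leq Imax \wedge mortgage(P, 6, I, M, 0)) \rangle]$

$\Vdash_{v)}$

$\forall M \forall P \exists I [\top \Box \langle \Delta, 0.9637 \leq P/(6 * M) \leq 0.97, 0 \leq Imin \leq I \leq Imax \wedge mortgage(P, 6, I, M, 0) \rangle]$

$\Vdash_{i),\, vii)}$

$\forall M \forall P \exists I [0.9637 \leq P/(6 * M) \leq 0.97 \Rightarrow 0 \leq Imin \leq I \leq Imax \ \Box$
$\quad \langle \Delta, 0.9637 \leq P/(6 * M) \leq 0.97, mortgage(P, 6, I, M, 0) \rangle]$

$\Vdash_{viii)}$

$\forall M \forall P \exists I [0.9637 \leq P/(6 * M) \leq 0.97 \Rightarrow 0 \leq Imin \leq I \leq Imax \ \Box$
$\quad \langle \Delta, 0.9637 \leq P/(6 * M) \leq 0.97,$
$\quad \underbrace{\exists P' \exists T' \exists I' \exists M' \exists B' \exists QuartInt (P \approx P' \wedge 6 \approx T' \wedge I \approx I' \wedge M \approx M' \wedge 0 \approx B' \wedge T' > 3 \wedge QuartInt \approx 3 * (P' * I'/1200) \wedge mortgage(P' + QuartInt - 3 * M', T' - 3, I', M', B'))} \rangle]$

3 In fact, we have already followed this convention in Section 2.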
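Simplifying the underbraced formula in the constraint system $\mathcal{R}$, we obtain:

$\forall M \forall P \exists I [0.9637 \leq P/(6 * M) \leq 0.97 \Rightarrow 0 \leq Imin \leq I \leq Imax \ \Box$
$\quad \langle \Delta, 0.9637 \leq P/(6 * M) \leq 0.97,$
$\quad mortgage(P + 3 * (P * I/1200) - 3 * M, 3, I, M, 0) \rangle]$

$\Vdash_{viii)}$

$\forall M \forall P \exists I [0.9637 \leq P/(6 * M) \leq 0.97 \Rightarrow 0 \leq Imin \leq I \leq Imax \ \Box$
$\quad \langle \Delta, 0.9637 \leq P/(6 * M) \leq 0.97,$
$\quad \underbrace{\exists P'' \exists T'' \exists I'' \exists M'' \exists B'' \exists TotalInt (P'' \approx P + 3 * (P * I/1200) - 3 * M \wedge T'' \approx 3 \wedge I'' \approx I \wedge M'' \approx M \wedge B'' \approx 0 \wedge 0 \leq T'' \wedge T'' \leq 3 \wedge TotalInt \approx T'' * (P'' * I''/1200) \wedge B'' \approx P'' + TotalInt - (T'' * M''))} \rangle]$

And simplifying anew the underbraced formula in $\mathcal{R}$:

$\forall M \forall P \exists I [0.9637 \leq P/(6 * M) \leq 0.97 \Rightarrow 0 \leq Imin \leq I \leq Imax \ \Box$
$\quad \langle \Delta, 0.9637 \leq P/(6 * M) \leq 0.97,$
$\quad 0 \approx P + 3 * (P * I/1200) - 3 * M +$
$\qquad 3 * (P + 3 * (P * I/1200) - 3 * M) * I/1200 - 3 * M \rangle]$

Applying now transformation vii), we obtain the following answer constraint:

$\forall M \forall P \exists I ((0.9637 \leq P/(6 * M) \leq 0.97 \Rightarrow 0 \leq Imin \leq I \leq Imax) \wedge$
$\quad (0.9637 \leq P/(6 * M) \leq 0.97 \Rightarrow 0 \approx P + 3 * P * I/1200 - 3 * M +$
$\qquad 3 * (P + 3 * P * I/1200 - 3 * M) * I/1200 - 3 * M))$

$\dashv\vdash_{\mathcal{R}}$

$\forall M \forall P \exists I (0.9637 \leq P/(6 * M) \leq 0.97 \Rightarrow 0 \leq Imin \leq I \leq Imax \wedge$
$\quad 0 \approx P * (1 + 3 * \frac{I}{1200} + 3 * \frac{I}{1200} + 9 * \frac{I^2}{1200^2}) - M * (6 + 9 * \frac{I}{1200}))$

$\dashv\vdash_{\mathcal{R}}$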

VMVP37(0.9637 < P/(6 * M) < 0.97 < Imm <I< ImaxA 
I Ik 

VMVP37(0.9637 < P/(6 * M) < 0.97 < 7mm < 7 < 7maa;A 

_P_ ~ 1+ s5o A = (7 

6*M i i J i — 1 

We prove $C_1 \dashv\vdash_{\mathcal{R}} Imin \approx 8.219559$ (approx.) $\wedge\ Imax \approx 10$. In effect, let

we observe that $f(I)$ is a strictly decreasing continuous function of $I$ for any $I > 0$,
and also that

$f(I) \approx 0.9637$ (approx.) $\dashv\vdash_{\mathcal{R}} I \approx 10$, and

$f(I) \approx 0.97 \dashv\vdash_{\mathcal{R}} I \approx 8.219559$ (approx.).

Then, $C_1$ is true iff for any $M$ and $P$ such that

$P/(6 * M) \in [0.97..0.9637$ (approx.)$]$,

there exists $I \in [Imax..Imin]$ such that $f(I) \approx P/(6 * M)$ ($f$ strictly decreasing
continuous function), and this is true iff $I$ has its maximum value for $f(I) \approx$
0.9637 (approx.) and its minimum for $f(I) \approx 0.97$, or equivalently $Imax \approx 10 \wedge$
$Imin \approx 8.219559$ (approx.). □
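
The bounds obtained in Example 5.3 can be checked numerically. The following Python sketch is an added example, not part of the paper: it evaluates the two mortgage clauses directly and solves for $I$ by bisection. The function names, the bisection bracket [0, 100] and the tolerances are assumptions of this sketch.

```python
"""Numerical check of the answer constraint of Example 5.3 (added example)."""


def mortgage_balance(P, T, I, M):
    """Return the B for which mortgage(P, T, I, M, B) holds, by evaluating
    the two program clauses of Example 5.3 on concrete numbers."""
    if T < 0:
        raise ValueError("no clause of the program applies when T < 0")
    # Second clause (T > 3): add three months of interest, subtract three
    # payments, and continue with T - 3.
    while T > 3:
        quart_int = 3 * (P * I / 1200)
        P = P + quart_int - 3 * M
        T = T - 3
    # First clause (0 <= T <= 3): interest and payments for the last T months.
    total_int = T * (P * I / 1200)
    return P + total_int - T * M


def rate_for_ratio(ratio, months=6, lo=0.0, hi=100.0, tol=1e-12):
    """Solve mortgage(P, months, I, M, 0) for I, given P/(months*M) = ratio.

    The balance is homogeneous in (P, M), so M = 1 is used without loss of
    generality. For the ratios of the example the balance grows with I, so
    bisection on the assumed bracket [lo, hi] finds the unique root."""
    M = 1.0
    P = ratio * months * M
    if mortgage_balance(P, months, lo, M) > 0 or mortgage_balance(P, months, hi, M) < 0:
        raise ValueError("bracket does not contain a solution")
    while hi - lo > tol:
        mid = (lo + hi) / 2
        if mortgage_balance(P, months, mid, M) < 0:
            lo = mid
        else:
            hi = mid
    return (lo + hi) / 2


def answer_bounds(r_low=0.9637, r_high=0.97):
    """Tightest (Imin, Imax) for ratios in [r_low, r_high]: the rate falls as
    the ratio rises, so Imin comes from r_high and Imax from r_low."""
    return rate_for_ratio(r_high), rate_for_ratio(r_low)


def goal_holds(i_min, i_max, r_low=0.9637, r_high=0.97, samples=50):
    """Sampled check of the goal: for each sampled ratio P/(6*M) in
    [r_low, r_high], the I that gives balance 0 lies in [i_min, i_max]."""
    for k in range(samples + 1):
        ratio = r_low + (r_high - r_low) * k / samples
        rate = rate_for_ratio(ratio)
        if not (i_min - 1e-9 <= rate <= i_max + 1e-9):
            return False
    return True


if __name__ == "__main__":
    i_min, i_max = answer_bounds()
    print("Imin ~", round(i_min, 6), " Imax ~", round(i_max, 4))
    print("goal holds on samples:", goal_holds(i_min, i_max))
```

Narrowing the interval on either side makes `goal_holds` fail, which is the numerical counterpart of the claim that the answer constraint pins down both bounds.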



6 Conclusions and Future Work 

We have proposed a novel combination of Constraint Logic Programming (CLP) 
with first-order Hereditary Harrop Formulas (HH). Our framework includes a proof 
system with the uniform proofs property and a sound and complete goal solving 
procedure. Our results are parametric w.r.t. a given constraint system C, and they 
can be related to previously known results for CLP and HH. Therefore, we can 
speak of a scheme whose expressivity sums the advantages of CLP and HH. 

As far as we know, our work is the first attempt to combine the full expressivity
of HH and CLP. A related, but more limited approach, can be found in
(Darlington and Guo, 1994). This paper presents an amalgamated logic that combines
the Horn fragment of intuitionistic logic with the entailment relation of a
given constraint system, showing the existence of uniform proofs as well as soundness
and completeness of constrained SLD resolution w.r.t. the proof system. The
more general case of HH is not studied. Moreover, the presentation of constrained
SLD resolution is not fully satisfactory, because the backchaining transition rule,
see (Darlington and Guo, 1994), guesses an arbitrary instance of a program clause,
instead of adding unification constraints to the new goal, as done in our state
transition rule viii).

Several interesting issues remain for future research. Firstly, more concrete ev- 
idence on potential application areas should be found. We are currently looking 
for CLP applications where greater HH expressivity may be useful, as well as for 
typical HH applications that can benefit from the use of numeric and/or sym- 
bolic constraints. Secondly, tractable fragments of our formalism (other than CLP 
and HH separately) should be discovered. Otherwise, constraint satisfiability and 
constraint entailment may become intractable or even undecidable. Our broad notion
of constraint system includes any first-order theory based on arbitrary equational
axiomatization. Such theories are sometimes decidable, see (Comon, 1993;
Comon, Haberstrau and Jouannaud, 1994), but most often restricted fragments must
be chosen to ensure decidability. Last but not least, our framework should be extended
to higher-order HH as used in many $\lambda$-Prolog applications.

Acknowledgement We are grateful to the anonymous referees for their construc- 
tive criticisms. 



Appendix 
Proofs of results from Section 4-1 

Lemma \4-1\ 

For any A, V, G, x and t, if A; T hie G, then there is a proof of the same size of 
A[t/x];T[t/x] \-G[t/x]. 

Proof 

By induction on the size $l$ of the proof of the sequent $\Delta;\Gamma \vdash G$.

If $l = 1$, then $(C_R)$ or (Atom) have been applied. In the first case, $G = C$ for some
constraint $C$ and $\Gamma \vdash_{\mathcal{C}} C$. Hence $\Gamma[t/x] \vdash_{\mathcal{C}} C[t/x]$, by the properties of $\vdash_{\mathcal{C}}$.
Therefore the sequent $\Delta[t/x];\Gamma[t/x] \vdash C[t/x]$ has a proof of size 1, by applying $(C_R)$. In
the second case, $G = A$, for some predicate formula $A$, $\Delta = \Delta' \cup \{A'\}$, with $A'$
beginning with the same predicate symbol as $A$, and $\Gamma \vdash_{\mathcal{C}} A' \approx A$. Hence
$\Gamma[t/x] \vdash_{\mathcal{C}} (A' \approx A)[t/x]$. Therefore, applying (Atom), $\Delta'[t/x], A'[t/x];\Gamma[t/x] \vdash A[t/x]$ has a
proof of size 1, and $\Delta[t/x] = \Delta'[t/x] \cup \{A'[t/x]\}$.

If $l > 1$, we distinguish cases in accordance with the last rule applied in the
deduction of $\Delta;\Gamma \vdash G$. Let us analyze some cases (the omitted ones are similar).

$(\Rightarrow C_R)$ In this case $G = C \Rightarrow G'$, and the last step of the proof has the form:

\[ \frac{\Delta;\Gamma, C \vdash G'}{\Delta;\Gamma \vdash C \Rightarrow G'}\ (\Rightarrow C_R) \]

By the induction hypothesis, $\Delta[t/x];\Gamma[t/x], C[t/x] \vdash G'[t/x]$ has a proof of size
$l - 1$. Then, applying $(\Rightarrow C_R)$, we obtain that $\Delta[t/x];\Gamma[t/x] \vdash (C \Rightarrow G')[t/x]$ has
a proof of size $l$.

$(\forall_R)$ In this case $G = \forall z G'$ and the last step of the proof has the form:

\[ \frac{\Delta;\Gamma \vdash G'[y/z]}{\Delta;\Gamma \vdash \forall z G'}\ (\forall_R) \]

where $y$ does not appear free in the sequent of the conclusion. We can assume,
without loss of generality, that $z \neq x$ and $z$ does not appear in $t$. If this were not
the case, the induction hypothesis could be applied another time, in order to
rename coincident variables. Also we can assume that $y$ is different from $x$ and that
$y$ does not occur in $t$. By the induction hypothesis, $\Delta[t/x];\Gamma[t/x] \vdash G'[t/x][y/z]$
has a proof of size $l - 1$, because under our hypothesis, $G'[y/z][t/x] = G'[t/x][y/z]$.
Now, applying $(\forall_R)$, $\Delta[t/x];\Gamma[t/x] \vdash \forall z(G'[t/x])$ has a proof of size $l$, but this
is the expected result because $\forall z(G'[t/x]) = (\forall z G')[t/x]$.

$(\forall_L)$ In this case $\Delta = \Delta' \cup \{\forall z D\}$. As before, we can assume that $z \neq x$ and does
not appear in $t$, and the last step of the proof has the form:

\[ \frac{\Delta', D[y/z];\Gamma, C \vdash G \qquad \Gamma \vdash_{\mathcal{C}} \exists y C}{\Delta', \forall z D;\Gamma \vdash G}\ (\forall_L) \]

where $y$ does not appear free in the sequent of the conclusion. We can assume
without loss of generality that $y$ is different from $x$ and that $y$ does not occur in
$t$. Then, by the induction hypothesis,

\[ \Delta'[t/x], D[t/x][y/z];\Gamma[t/x], C[t/x] \vdash G[t/x] \qquad (\dagger) \]

has a proof of size $l - 1$, because under our hypothesis, $D[y/z][t/x] = D[t/x][y/z]$.
Now $\Gamma \vdash_{\mathcal{C}} \exists y C$ implies

\[ \Gamma[t/x] \vdash_{\mathcal{C}} \exists y(C[t/x]) \qquad (\ddagger), \]

by the properties of $\vdash_{\mathcal{C}}$ and the fact that $(\exists y C)[t/x] = \exists y(C[t/x])$. Then applying
$(\forall_L)$ to $(\dagger)$ and $(\ddagger)$, $\Delta[t/x];\Gamma[t/x] \vdash G[t/x]$ has a proof of size $l$, because

$\forall z(D[t/x]) = (\forall z D)[t/x]$ and $\Delta[t/x] = \Delta'[t/x] \cup \{(\forall z D)[t/x]\}$. □
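The two substitution identities that the $(\forall_R)$ and $(\forall_L)$ cases above rely on can be checked mechanically; the following is an added example, not code from the paper. The tuple encoding of terms and formulas, the helper names and the sample formula are assumptions made for the illustration.

```python
from itertools import count

# Encoding (an assumption of this example, not the paper's notation):
#   term    : ("var", name) | ("fn", name, (term, ...))
#   formula : ("atom", pred, (term, ...)) | ("and" | "or" | "imp", F, G)
#             | ("forall" | "exists", name, F)
_fresh = count()

def V(name):
    return ("var", name)

def F(name, *args):
    return ("fn", name, tuple(args))

def term_vars(t):
    if t[0] == "var":
        return {t[1]}
    return set().union(*[term_vars(a) for a in t[2]])

def free_vars(g):
    tag = g[0]
    if tag == "atom":
        return set().union(*[term_vars(a) for a in g[2]])
    if tag in ("forall", "exists"):
        return free_vars(g[2]) - {g[1]}
    return free_vars(g[1]) | free_vars(g[2])

def subst_term(s, t, x):
    """s[t/x] on terms."""
    if s[0] == "var":
        return t if s[1] == x else s
    return ("fn", s[1], tuple(subst_term(a, t, x) for a in s[2]))

def subst(g, t, x):
    """Capture-avoiding g[t/x]: a bound variable that occurs in t is renamed first."""
    tag = g[0]
    if tag == "atom":
        return ("atom", g[1], tuple(subst_term(a, t, x) for a in g[2]))
    if tag in ("forall", "exists"):
        z, body = g[1], g[2]
        if z == x or x not in free_vars(body):
            return g                      # nothing to replace under this binder
        if z in term_vars(t):             # t would be captured: rename z
            z2 = f"{z}_{next(_fresh)}"    # assumed not to clash with existing names
            body, z = subst(body, V(z2), z), z2
        return (tag, z, subst(body, t, x))
    return (tag, subst(g[1], t, x), subst(g[2], t, x))

def side_conditions(t, x, y, z):
    """Assumptions of the proof: z != x, y != x, and neither z nor y occurs in t."""
    tv = term_vars(t)
    return z != x and y != x and z not in tv and y not in tv

def commutes(g, t, x, y, z):
    """Does G'[y/z][t/x] = G'[t/x][y/z] hold syntactically?"""
    return subst(subst(g, V(y), z), t, x) == subst(subst(g, t, x), V(y), z)

def quantifier_commutes(g, t, x, z):
    """Does (forall z G')[t/x] = forall z (G'[t/x]) hold syntactically?"""
    return subst(("forall", z, g), t, x) == ("forall", z, subst(g, t, x))

# Constructed sample: G' = p(x, z) => exists v. q(f(z), v, x)
G1 = ("imp", ("atom", "p", (V("x"), V("z"))),
      ("exists", "v", ("atom", "q", (F("f", V("z")), V("v"), V("x")))))
GOOD_T = F("g", V("a"))   # neither z nor y occurs in t
BAD_T = F("g", V("z"))    # z occurs in t: the situation the proof renames away

if __name__ == "__main__":
    for t in (GOOD_T, BAD_T):
        print(side_conditions(t, "x", "y", "z"),
              commutes(G1, t, "x", "y", "z"),
              quantifier_commutes(G1, t, "x", "z"))
```

With `BAD_T` both identities fail, which is why the proof first renames coincident variables before applying the induction hypothesis.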

Lemma \4- 6 A 

For any A, T, G, if V is a set of constraints such that V he T, and A; T hxc G, 
then A; r' ) — G has a proof of the same size. 

Proof 

By induction on the size of the proof of the sequent A; T \ — G, by case analysis on 
the last rule applied, and using the properties of entailment in constraint systems. 
It is obvious for proofs of size 1. For proofs of size I > 1, let us analyze the case 
(Vl) (the others are similar). In this case, the last step of the proof is of the form: 

A',D[y/x];T,C\-G T h c 3yC 

A',Vx£> ; rh-G 1 L) 

where y does not appear free in the sequent of the conclusion, and A = A'UjVxZ)}. 
By the induction hypothesis 

A',D[y/x];T',C\-G (f) 
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has a proof of size I — 1. We know that T he 3yC, and by the hypothesis V he T, 
so 

r' h c 3yC (J). 

We can assume that y does not appear free in T', in other case, by Lemma 14.11 
we can work with A', D[y'/x]; V, C[y'/y) | — G (y' new), instead of (f), and with 
T' he 3y'C[y' /y], instead of (|), by the properties of he - Then we finish by applying 
(V L ) to (f) and (t). □ 

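Lemma 4.4

For any $\Delta$, $\Gamma$, $C$, $G$, if $\Delta;\Gamma, C \vdash_{\mathcal{IC}} G$ and $x$ is a variable that does not appear free
in $\Delta$, $\Gamma$, $G$, then $\Delta;\Gamma, \exists x C \vdash G$ has a proof of the same size.

Proof

By induction on the size of the proof. We will assume that $x$ appears free in $C$; if
not, $\exists x C \vdash_{\mathcal{C}} C$, and the proof is immediate due to Lemma 4.2.

If $\Delta;\Gamma, C \vdash G$ has a proof of size 1, (Atom) or $(C_R)$ has been applied. In both
cases $\Gamma, C \vdash_{\mathcal{C}} C'$ for certain constraint $C'$. Both $C'$ and $\Gamma$ do not contain free
occurrences of $x$, hence $\Gamma, \exists x C \vdash_{\mathcal{C}} C'$, and therefore $\Delta;\Gamma, \exists x C \vdash G$ has a proof of
size 1. If $\Delta;\Gamma, C \vdash G$ has a proof of size $l > 1$, let us discuss some of the possible
cases.

$(\exists_R)$ Then $G = \exists z G'$ and the last step of the proof is of the form:

\[ \frac{\Delta;\Gamma, C, C' \vdash G'[y/z] \qquad \Gamma, C \vdash_{\mathcal{C}} \exists y C'}{\Delta;\Gamma, C \vdash \exists z G'}\ (\exists_R) \]

where $y$ does not appear free in the sequent of the conclusion. Hence, by Lemma
4.2, $\Delta;\Gamma, C \wedge C' \vdash G'[y/z]$ has a proof of size $l - 1$. Now, the conditions on $y$
imply that $x \neq y$, so $x$ is not free in $G'[y/z]$, because it is not free in $\exists z G'$. Then,
by the induction hypothesis and again using Lemma 4.2,

\[ \Delta;\Gamma, \exists x C, \exists x(C \wedge C') \vdash G'[y/z] \qquad (\dagger) \]

has a proof of size $l - 1$. On the other hand, $\Gamma, C \vdash_{\mathcal{C}} \exists y C'$ implies that
$\Gamma, C \vdash_{\mathcal{C}} C \wedge \exists y C'$, so $\Gamma, \exists x C \vdash_{\mathcal{C}} \exists x(C \wedge \exists y C')$, since $x$ is not free in $\Gamma$, thus

\[ \Gamma, \exists x C \vdash_{\mathcal{C}} \exists y \exists x(C \wedge C') \qquad (\ddagger), \]

since $y$ is not free in $C$. Therefore the desired result is obtained by applying $(\exists_R)$
to $(\dagger)$ and $(\ddagger)$.

$(\forall_R)$ Then $G = \forall z G'$, and the last step of the proof has the form:

\[ \frac{\Delta;\Gamma, C \vdash G'[y/z]}{\Delta;\Gamma, C \vdash \forall z G'}\ (\forall_R) \]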






where $y$ does not appear free in the sequent of the conclusion. Then $y$ does not
occur free in $C$, so it is different from $x$. Applying the induction hypothesis to
the sequent $\Delta;\Gamma, C \vdash G'[y/z]$, we obtain that $\Delta;\Gamma, \exists x C \vdash G'[y/z]$ has a proof
of size $l - 1$. Then $\Delta;\Gamma, \exists x C \vdash G$ has a proof
of size $l$ by $(\forall_R)$. □

Proofs of results from Section 4.2

Lemma 4.5 (Proof Transformation)

If $G$ is a goal, $\Delta$ a program and $\Gamma$ a set of constraint formulas, such that $\Delta;\Gamma \vdash G$
has a proof of size $l$, then:

1. For $G = A$, there are $n$ constraint formulas $C_1, \ldots, C_n$ ($n \geq 0$) and a formula
$\forall x_1 \ldots \forall x_n(G' \Rightarrow A')$ that is a variant of some formula in $elab(\Delta)$ such that
$x_1, \ldots, x_n$ are new distinct variables not appearing free in $\Delta$, $\Gamma$, $A$, where $x_i$
does not appear free in $C_1, \ldots, C_{i-1}$, for $1 < i \leq n$, and $A'$ begins with the
same predicate symbol as $A$. In addition it holds:

(a) $\Gamma \vdash_{\mathcal{C}} \exists x_1 C_1$; $\Gamma, C_1 \vdash_{\mathcal{C}} \exists x_2 C_2$; $\ldots$; $\Gamma, C_1, \ldots, C_{n-1} \vdash_{\mathcal{C}} \exists x_n C_n$.

(b) $\Gamma, C_1, \ldots, C_n \vdash_{\mathcal{C}} A' \approx A$.

(c) $\Delta;\Gamma, C_1, \ldots, C_n \vdash G'$ has a proof of size less than $l$, or $G' = \top$.

2. If $G = C$, then $\Gamma \vdash_{\mathcal{C}} C$.

3. If $G = G_1 \wedge G_2$, then $\Delta;\Gamma \vdash G_1$ and $\Delta;\Gamma \vdash G_2$ have proofs of size less than
$l$.

4. If $G = G_1 \vee G_2$, then $\Delta;\Gamma \vdash G_i$ has a proof of size less than $l$ for $i = 1$ or $2$.

5. If $G = D \Rightarrow G_1$, then $\Delta, D;\Gamma \vdash G_1$ has a proof of size less than $l$.

6. If $G = C \Rightarrow G_1$, then $\Delta;\Gamma, C \vdash G_1$ has a proof of size less than $l$.

7. For $G = \exists x G_1$, if $y$ is a variable not appearing free in $\Delta$, $\Gamma$, $G$, then there is
a constraint formula $C$ such that:

(a) $\Gamma \vdash_{\mathcal{C}} \exists y C$.

(b) $\Delta;\Gamma, C \vdash G_1[y/x]$ has a proof of size less than $l$.

8. If $G = \forall x G_1$, then $\Delta;\Gamma \vdash G_1[y/x]$ has a proof of size less than $l$, where $y$ is
a variable that does not appear free in $\Delta$, $\Gamma$, $G$.

Proof 

We reason by induction on the size $l$ of a given $\mathcal{IC}$-proof of $\Delta;\Gamma \vdash G$.

If $l$ is 1, then $G$ has been proved by a single application of axiom $(C_R)$ or axiom
(Atom). In the former case, $G$ is a constraint and item 2 of the lemma holds. In
the latter case $G$ is an atomic formula $A$ and there is $A' \in \Delta$, beginning with
the same predicate symbol as $A$, such that $\Gamma \vdash_{\mathcal{C}} A' \approx A$. But $A' \in \Delta$ implies
$\top \Rightarrow A' \in elab(\Delta)$, then conditions (a), (b) and (c) of item 1 are satisfied with
$n = 0$, $G' = \top$.

If $l > 1$, let us analyze cases according to the last inference rule applied in the
proof of the sequent $\Delta;\Gamma \vdash G$. The lemma is obviously true by induction hypothesis
if the last inference rule introduces on the right the main connective or quantifier
of the goal. So the problem is reduced to the rules $(\wedge_L)$, $(\Rightarrow_L)$ and $(\forall_L)$. For each
of these three rules, we must analyze cases according to the structure of $G$. In each
case, it is possible to transform the proof by permuting the application of right and
left-introduction rules, in the same way as in (Miller et al., 1991). In our setting,
however, the treatment of $(\forall_L)$ gives rise to some new situations. We analyze the
most interesting cases; the ones we omit can be treated analogously.

$(\wedge_L)$ Then we can decompose $\Delta$ as $\Delta = \Delta' \cup \{D_1 \wedge D_2\}$, and the last step of the
proof is of the form:

\[ \frac{\Delta', D_1, D_2;\Gamma \vdash G}{\Delta', D_1 \wedge D_2;\Gamma \vdash G}\ (\wedge_L) \]

• If $G = G_1 \vee G_2$, then by the induction hypothesis, there is a proof of size less
than $l - 1$ of $\Delta', D_1, D_2;\Gamma \vdash G_i$. Applying $(\wedge_L)$ we obtain a proof of size less
or equal $l - 1$, so less than $l$, of $\Delta', D_1 \wedge D_2;\Gamma \vdash G_i$ for $i = 1$ or $2$.

$(\Rightarrow_L)$ Then we can decompose $\Delta$ as $\Delta = \Delta' \cup \{G' \Rightarrow A\}$, and the last step of the
proof is of the form:

\[ \frac{\Delta';\Gamma \vdash G' \qquad \Delta', A;\Gamma \vdash G}{\Delta', G' \Rightarrow A;\Gamma \vdash G}\ (\Rightarrow_L) \]

• If $G = \forall x G_1$, then $\Delta', A;\Gamma \vdash \forall x G_1$ has a proof of size $l_1 < l$, and by the
induction hypothesis there is a proof of size less than $l_1$ of $\Delta', A;\Gamma \vdash G_1[y/x]$,
where $y$ is a new variable. Then, using that $\Delta';\Gamma \vdash G'$ has a proof of size $l_2$,
($l_1 + l_2 = l - 1$) and applying $(\Rightarrow_L)$, $\Delta', G' \Rightarrow A;\Gamma \vdash G_1[y/x]$ has a proof of
size less or equal $l_1 + l_2$ so less than $l$, as we wanted to prove.

• If $G = D \Rightarrow G_1$, then $\Delta', A;\Gamma \vdash D \Rightarrow G_1$ has a proof of size $l_1 < l$, so by the
induction hypothesis there is a proof of size less than $l_1$ of $\Delta', A, D;\Gamma \vdash G_1$.
Then, since $\Delta';\Gamma \vdash G'$ has a proof of size $l_2$, obviously $\Delta', D;\Gamma \vdash G'$ also
has a proof of size $l_2$, and $l_1 + l_2 < l$. Therefore, using $(\Rightarrow_L)$, we obtain that
$\Delta', G' \Rightarrow A, D;\Gamma \vdash G_1$ has a proof of size less or equal $l_1 + l_2$, so less than $l$,
as we wanted to prove.

$(\forall_L)$ Then we can decompose $\Delta$ as $\Delta = \Delta' \cup \{\forall x D\}$, and the last step of the proof
is of the form:

\[ \frac{\Delta', D[y/x];\Gamma, C' \vdash G \qquad \Gamma \vdash_{\mathcal{C}} \exists y C'}{\Delta', \forall x D;\Gamma \vdash G}\ (\forall_L) \]

where $y$ is not free in the sequent of the conclusion, and the sequent

\[ Q = \Delta', D[y/x];\Gamma, C' \vdash G \]

has a proof of size $l - 1$.

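• If $G = C$, then by the induction hypothesis applied to $Q$, we know that
$\Gamma, C' \vdash_{\mathcal{C}} C$. Since $\Gamma \vdash_{\mathcal{C}} \exists y C'$ and $y$ is not free in $\Gamma$, $C$, we conclude that
$\Gamma \vdash_{\mathcal{C}} C$, due to the properties of $\vdash_{\mathcal{C}}$, that coincides with item 2 of the lemma.

• If $G = C \Rightarrow G_1$, then by the induction hypothesis applied to $Q$, the sequent

\[ \Delta', D[y/x];\Gamma, C', C \vdash G_1 \]

has a proof of size less than $l - 1$. Therefore, since $\Gamma \vdash_{\mathcal{C}} \exists y C'$ implies
$\Gamma, C \vdash_{\mathcal{C}} \exists y C'$, and $y$ is not free in $C$, applying $(\forall_L)$, $\Delta', \forall x D;\Gamma, C \vdash G_1$ has a proof
of size less or equal than $l - 1$ so less than $l$.

• If $G = \exists w G_1$, then by applying the induction hypothesis to $Q$ we conclude
that there is $C$ such that $\Gamma, C' \vdash_{\mathcal{C}} \exists z C$, where $z$ is not free in $\Delta'$, $D[y/x]$, $\Gamma$, $C'$,
$\exists w G_1$, and

\[ \Delta', D[y/x];\Gamma, C', C \vdash G_1[z/w] \qquad (\dagger) \]

has a proof of size less than $l - 1$. Since $y$ is not free in $\Delta'$, $G_1[z/w]$, applying
Corollary 4.3 to $(\dagger)$ we obtain that $\Delta', D[u/x];\Gamma, C', C, u \approx y \vdash G_1[z/w]$,
where $u$ is a new variable, has a proof of the same size, so by Lemma 4.2

\[ \Delta', D[u/x];\Gamma, C' \wedge C, u \approx y \vdash G_1[z/w] \qquad (\ddagger) \]

still with a proof of size less than $l - 1$. Now by the properties of the
constraint entailment, $\Gamma, C' \wedge C \vdash_{\mathcal{C}} \exists u(u \approx y)$ $(\S)$. Then, since $u$ is not free in
$\Delta'$, $\forall x D$, $\Gamma$, $C' \wedge C$, $G_1[z/w]$, we apply $(\forall_L)$ to $(\ddagger)$ and $(\S)$, obtaining that

\[ \Delta', \forall x D;\Gamma, C' \wedge C \vdash G_1[z/w] \]

has a proof of size less than or equal $l - 1$. Hence using Lemma 4.4

\[ \Delta', \forall x D;\Gamma, \exists y(C' \wedge C) \vdash G_1[z/w] \]

has a proof of size less than or equal $l - 1$, because, by the assumptions,
$y$ is not free in $\Delta'$, $\forall x D$, $\Gamma$, $G_1[z/w]$. Therefore we can conclude the result
for this case (item 7), taking $\exists y(C' \wedge C)$ as auxiliary constraint. In fact,
$\Gamma, C' \vdash_{\mathcal{C}} \exists z C$ implies $\Gamma, C' \vdash_{\mathcal{C}} \exists z(C' \wedge C)$, since $z$ is not free in $\Gamma$, $C'$. Hence
$\Gamma, \exists y C' \vdash_{\mathcal{C}} \exists z \exists y(C' \wedge C)$, since $y$ is not free in $\Gamma$. Finally, $\Gamma \vdash_{\mathcal{C}} \exists z \exists y(C' \wedge C)$,
because $\Gamma \vdash_{\mathcal{C}} \exists y C'$.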

• If $G = A$, then the induction hypothesis for the sequent $Q$ assures that there
are constraints $C_1, \ldots, C_n$ ($n \geq 0$) and a formula $\forall x_1 \ldots \forall x_n(G' \Rightarrow A')$ that
is a variant of a formula in $elab(\Delta' \cup \{D[y/x]\})$, where $x_1, \ldots, x_n$ are new
variables, $x_i$ not appearing free in $C_1, \ldots, C_{i-1}$, for $1 < i \leq n$, $A'$ begins with
the same predicate symbol as $A$, and such that:

(i) $\Gamma, C' \vdash_{\mathcal{C}} \exists x_1 C_1$; $\Gamma, C', C_1 \vdash_{\mathcal{C}} \exists x_2 C_2$; $\ldots$; $\Gamma, C', C_1, \ldots, C_{n-1} \vdash_{\mathcal{C}} \exists x_n C_n$.

(ii) $\Gamma, C', C_1, \ldots, C_n \vdash_{\mathcal{C}} A' \approx A$.

(iii) $\Delta', D[y/x];\Gamma, C', C_1, \ldots, C_n \vdash G'$ has a proof of size less than $l - 1$, or
$G' = \top$.

In order to establish item 1 of the lemma, we distinguish two cases:

(I) $\forall x_1 \ldots \forall x_n(G' \Rightarrow A')$ is a variant of a formula in $elab(\Delta')$, or
(II) $\forall x_1 \ldots \forall x_n(G' \Rightarrow A')$ is a variant of a formula in $elab(D[y/x])$.

(I). If $\forall x_1 \ldots \forall x_n(G' \Rightarrow A')$ is a variant of a formula in $elab(\Delta')$, then
$\forall x_1 \ldots \forall x_n(G' \Rightarrow A')$ is a variant of a formula in $elab(\Delta)$. Taking the
following $n$ auxiliary constraints $\exists y(C' \wedge C_1), \ldots, \exists y(C' \wedge C_1 \wedge \ldots \wedge C_n)$, we will
prove conditions (a), (b) and (c).

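• For condition (a) we need to prove:

\[ \Gamma \vdash_{\mathcal{C}} \exists x_1 \exists y(C' \wedge C_1) \qquad (1) \]
\[ \Gamma, \exists y(C' \wedge C_1) \vdash_{\mathcal{C}} \exists x_2 \exists y(C' \wedge C_1 \wedge C_2) \qquad (2) \]
\[ \vdots \]
\[ \Gamma, \exists y(C' \wedge C_1), \ldots, \exists y(C' \wedge C_1 \wedge \ldots \wedge C_{n-1}) \vdash_{\mathcal{C}} \exists x_n \exists y(C' \wedge C_1 \wedge \ldots \wedge C_n) \qquad (n) \]

This can be deduced from condition (i) above, as follows:

(1). By (i), $\Gamma, C' \vdash_{\mathcal{C}} \exists x_1 C_1$, then $\Gamma, C' \vdash_{\mathcal{C}} C' \wedge \exists x_1 C_1$. Hence

\[ \Gamma, \exists y C' \vdash_{\mathcal{C}} \exists y(C' \wedge \exists x_1 C_1), \]

since $y$ is not free in $\Gamma$. Therefore

\[ \Gamma, \exists y C' \vdash_{\mathcal{C}} \exists x_1 \exists y(C' \wedge C_1), \]

since $x_1$ is not free in $C'$. Now we can conclude (1) because $\Gamma \vdash_{\mathcal{C}} \exists y C'$.

(2). By (i), $\Gamma, C', C_1 \vdash_{\mathcal{C}} \exists x_2 C_2$, then $\Gamma, C' \wedge C_1 \vdash_{\mathcal{C}} C' \wedge C_1 \wedge \exists x_2 C_2$. Hence

\[ \Gamma, \exists y(C' \wedge C_1) \vdash_{\mathcal{C}} \exists y(C' \wedge C_1 \wedge \exists x_2 C_2), \]

since $y$ is not free in $\Gamma$. Therefore

\[ \Gamma, \exists y(C' \wedge C_1) \vdash_{\mathcal{C}} \exists x_2 \exists y(C' \wedge C_1 \wedge C_2), \]

since $x_2$ is not free in $C'$, $C_1$.

By a similar reasoning, we can prove (3) to $(n - 1)$.

(n). By (i), $\Gamma, C', C_1, \ldots, C_{n-1} \vdash_{\mathcal{C}} \exists x_n C_n$, then
$\Gamma, C' \wedge C_1 \wedge \ldots \wedge C_{n-1} \vdash_{\mathcal{C}} C' \wedge C_1 \wedge \ldots \wedge C_{n-1} \wedge \exists x_n C_n$. Hence

\[ \Gamma, \exists y(C' \wedge C_1 \wedge \ldots \wedge C_{n-1}) \vdash_{\mathcal{C}} \exists y(C' \wedge C_1 \wedge \ldots \wedge C_{n-1} \wedge \exists x_n C_n), \]

since $y$ is not free in $\Gamma$. Therefore

\[ \Gamma, \exists y(C' \wedge C_1 \wedge \ldots \wedge C_{n-1}) \vdash_{\mathcal{C}} \exists x_n \exists y(C' \wedge C_1 \wedge \ldots \wedge C_{n-1} \wedge C_n), \]

since $x_n$ is not free in $C'$, $C_1, \ldots, C_{n-1}$. Then we deduce (n) obviously.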

• For condition (b) we need:

\[ \Gamma, \exists y(C' \wedge C_1), \ldots, \exists y(C' \wedge C_1 \wedge \ldots \wedge C_n) \vdash_{\mathcal{C}} A' \approx A \]

To deduce this from (ii), we note that $y$ is not free in $\Delta'$, $\Gamma$, $A$ by assumption.
Moreover, $y$ is not free in $A'$, or else it would be free in $\Delta'$. Therefore, (ii)
implies that

\[ \Gamma, \exists y(C' \wedge C_1 \wedge \ldots \wedge C_n) \vdash_{\mathcal{C}} A' \approx A, \]

which amounts to what we needed.

• Finally, for condition (c) we assume the interesting case where $G'$ is not $\top$.
We need a proof of size less than $l$ for the sequent

\[ \Delta', \forall x D;\Gamma, \exists y(C' \wedge C_1), \ldots, \exists y(C' \wedge C_1 \wedge \ldots \wedge C_n) \vdash G' \qquad (\dagger) \]

To deduce this, we first choose a fresh variable $u$, and we apply Corollary
4.3 to (iii), thus obtaining that

\[ \Delta', D[u/x];\Gamma, C', C_1, \ldots, C_n, u \approx y \vdash G' \]

has a proof of size less than $l - 1$. Since $u$ is new and
$\Gamma, C', C_1, \ldots, C_n \vdash_{\mathcal{C}} \exists u(u \approx y)$, we can apply $(\forall_L)$ obtaining that

\[ \Delta', \forall x D;\Gamma, C', C_1, \ldots, C_n \vdash G' \]

has a proof of size less than $l$. From this, Lemma 4.2 and Lemma 4.4 (note
that $y$ is not free in $\Delta'$, $\forall x D$, $\Gamma$, $G'$) lead to a proof of size less than $l$ for

\[ \Delta', \forall x D;\Gamma, \exists y(C' \wedge C_1 \wedge \ldots \wedge C_n) \vdash G'. \]

Another application of Lemma 4.2 leads from this to a proof of size less
than $l$ for the sequent $(\dagger)$.

(II). If $\forall x_1 \ldots \forall x_n(G' \Rightarrow A')$ is a variant of a formula in $elab(D[y/x])$, then
$\forall y \forall x_1 \ldots \forall x_n(G' \Rightarrow A')$ is a variant of a formula in $elab(\forall x D)$, and so it is
a variant of a formula in $elab(\Delta)$. Then condition (a) coincides with (i) plus
$\Gamma \vdash_{\mathcal{C}} \exists y C'$, and (b) is equivalent to (ii). Moreover from (iii) (assuming that
$G'$ is not $\top$) we can deduce that the sequent

\[ \Delta', D[u/x];\Gamma, C', C_1, \ldots, C_n, u \approx y \vdash G' \]

has a proof of size less than $l - 1$, because of Corollary 4.3 ($u$ is chosen as a
new variable). Since $\Gamma, C', C_1, \ldots, C_n \vdash_{\mathcal{C}} \exists u(u \approx y)$, we can apply $(\forall_L)$ and
we obtain a proof of size less than $l$ for the sequent

\[ \Delta', \forall x D;\Gamma, C', C_1, \ldots, C_n \vdash G'. \]

That is precisely condition (c). □

Proofs of results from Section 4.3

Lemma 4.7 (Elaboration)

For any $\Delta$, $\Gamma$, $A$ and $F \in elab(\Delta)$: if $\Delta, F;\Gamma \vdash_{\mathcal{IC}} A$, then $\Delta;\Gamma \vdash_{\mathcal{IC}} A$.

Proof

Since $F \in elab(\Delta)$, there will be $D \in \Delta$ such that $F \in elab(D)$. The proof of the
lemma is by case analysis according to the structure of $D$.

• If $D = A'$, then $F = \top \Rightarrow A'$. We prove $\Delta;\Gamma \vdash_{\mathcal{IC}} A$ by induction on the size
$l$ of the proof of $\Delta, F;\Gamma \vdash A$. If $l = 1$, the proof consists of the application
of (Atom), and the form of $F$ implies that it does not take part in this proof.
So there exists $A'' \in \Delta$ such that $\Gamma \vdash_{\mathcal{C}} A'' \approx A$. Therefore $\Delta;\Gamma \vdash_{\mathcal{IC}} A$,
by (Atom). Assuming now the result for proofs of size less than $l$, $l > 1$, we
proceed by case analysis on the last rule applied in the proof of $\Delta, F;\Gamma \vdash A$.
Note that it is only necessary to analyze the left-introduction rules, since the
goal is an atomic formula. For $(\wedge_L)$ and $(\forall_L)$, we note that $F = \top \Rightarrow A'$
cannot participate in this step of the proof; instead a formula of $\Delta$ has been
introduced. For instance, for $(\wedge_L)$, if $D_1 \wedge D_2$ is the formula introduced, then
$\Delta$ is of the form $\Delta' \cup \{D_1 \wedge D_2\}$, and the last step of the proof is:

\[ \frac{\Delta', D_1, D_2, F;\Gamma \vdash A}{\Delta', D_1 \wedge D_2, F;\Gamma \vdash A}\ (\wedge_L) \]

So $\Delta', D_1, D_2, F;\Gamma \vdash A$ has a proof of size less than $l$, and since
$F \in elab(\Delta' \cup \{D_1, D_2\})$, $\Delta', D_1, D_2;\Gamma \vdash_{\mathcal{IC}} A$, by induction hypothesis. The result can be
obtained now using the rule $(\wedge_L)$.

For the case $(\Rightarrow_L)$, if the introduced formula is $F$ (other cases are proved as
before), then the last step of the proof is:

\[ \frac{\Delta;\Gamma \vdash \top \qquad \Delta, A';\Gamma \vdash A}{\Delta, F;\Gamma \vdash A}\ (\Rightarrow_L) \]

Since $A' = D$ and $D \in \Delta$, the sequent $\Delta, A';\Gamma \vdash A$ can be also written as
$\Delta;\Gamma \vdash A$, and we are done.

• If $D = D_1 \wedge D_2$, then $F \in elab(D_i)$ for $i = 1$ or $2$. $\Delta, F;\Gamma \vdash_{\mathcal{IC}} A$, by
hypothesis, then it is easy to prove that also $\Delta, D_1, D_2, F;\Gamma \vdash_{\mathcal{IC}} A$. Hence,
applying structural induction hypothesis to $D_i$, $\Delta, D_1, D_2;\Gamma \vdash_{\mathcal{IC}} A$.
Therefore $\Delta, D_1 \wedge D_2;\Gamma \vdash_{\mathcal{IC}} A$, in accordance with the rule $(\wedge_L)$. This is equivalent
to $\Delta;\Gamma \vdash_{\mathcal{IC}} A$, since $D = D_1 \wedge D_2$ and $D \in \Delta$.

• If $D = G_1 \Rightarrow D_1$ then $F = D$, so $F \in \Delta$ and we have $\Delta;\Gamma \vdash_{\mathcal{IC}} A$ directly.

• If $D = \forall x D_1$, then $F = \forall x F_1$ and $F_1 \in elab(D_1)$. We proceed by induction
on the size $l$ of the proof of $\Delta, F;\Gamma \vdash A$. The case $l = 1$ is trivial because $F$
cannot take part in the proof. Similarly we can reason the inductive step for
the cases $(\wedge_L)$ and $(\Rightarrow_L)$. The interesting case occurs when $(\forall_L)$ was the last
rule applied and $F$ was the introduced formula. In this case, the last proof
step is of the form:

\[ \frac{\Delta, F_1[y/x];\Gamma, C \vdash A \qquad \Gamma \vdash_{\mathcal{C}} \exists y C}{\Delta, F;\Gamma \vdash A}\ (\forall_L) \]

where $y$ is not free in the sequent of the conclusion.

$\Delta, D_1[y/x], F_1[y/x];\Gamma, C \vdash_{\mathcal{IC}} A$ can be deduced from $\Delta, F_1[y/x];\Gamma, C \vdash_{\mathcal{IC}} A$.
Then $\Delta, D_1[y/x];\Gamma, C \vdash_{\mathcal{IC}} A$, since the lemma holds for $D_1[y/x]$ (simpler
than $D$) and $F_1[y/x] \in elab(D_1[y/x])$. Therefore $\Delta, \forall x D_1;\Gamma \vdash_{\mathcal{IC}} A$, by $(\forall_L)$,
using the fact that $y$ is not free in $\Delta$, $\forall x D_1$, $\Gamma$, $A$, and that $\Gamma \vdash_{\mathcal{C}} \exists y C$. We
conclude because $D = \forall x D_1$ and $D \in \Delta$. □

Lemma 4.9

For any $\Delta$, $\Gamma$, $G$, if $\Gamma'$ is a set of constraints such that $\Gamma' \vdash_{\mathcal{C}} \Gamma$, and $\Delta;\Gamma \vdash_{\mathcal{UC}} G$,
then $\Delta;\Gamma' \vdash G$ has a $\mathcal{UC}$-proof of the same size.

Proof

By induction on the size of the proof of the sequent $\Delta;\Gamma \vdash G$, by case analysis on
the last rule applied. Using the definition of the system $\mathcal{UC}$ and Lemma 4.2 the
only interesting case is when the last step corresponds to rule (Clause). But the
proof in this case is a direct consequence of the induction hypothesis. □

Lemma 4.10

For any $\Delta$, $\Gamma$, $C$, $G$, if $\Delta;\Gamma, C \vdash_{\mathcal{UC}} G$ and $x$ is a variable that does not appear free
in $\Delta$, $\Gamma$, $G$, then $\Delta;\Gamma, \exists x C \vdash G$ has a $\mathcal{UC}$-proof of the same size.

Proof

As in the previous lemma, and due now to Lemma 4.4 we can focus the proof on
the case (Clause). In this case $G = A$ and the last step of the proof is of the form:

\[ \frac{\Delta;\Gamma, C \vdash \exists x_1 \ldots \exists x_n((A' \approx A) \wedge G')}{\Delta;\Gamma, C \vdash A}\ (Clause) \]

where $A$, $A'$ begin with the same predicate symbol, and $\forall x_1 \ldots \forall x_n(G' \Rightarrow A')$ is a
variant of a formula of $elab(\Delta)$, $x_1, \ldots, x_n$ do not appear free in the sequent of the
conclusion.

Since $x$ is not free in $\Delta$, $A$, and $\forall x_1 \ldots \forall x_n(G' \Rightarrow A')$ is a variant of a formula of
$elab(\Delta)$, then $x$ is not free in $\exists x_1 \ldots \exists x_n((A' \approx A) \wedge G')$. Note also, that $x$ is not
free in $\Gamma$, $A$, by assumption, so applying the induction hypothesis to the sequent
$\Delta;\Gamma, C \vdash \exists x_1 \ldots \exists x_n((A' \approx A) \wedge G')$,

\[ \Delta;\Gamma, \exists x C \vdash \exists x_1 \ldots \exists x_n((A' \approx A) \wedge G') \]

has a proof of the same size. Hence, applying (Clause), $\Delta;\Gamma, \exists x C \vdash A$ has a
$\mathcal{UC}$-proof of the same size that $\Delta;\Gamma, C \vdash A$. □

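Proofs of results from Section 5.1

Lemma 5.2

Assume $\mathcal{S} = \Pi[S \Box \mathcal{G}]$ and $\mathcal{S}' = \Pi\Pi'[S' \Box \mathcal{G}']$ are two states w.r.t. a set of variables
$V$, such that $\mathcal{S} \Vdash \mathcal{S}'$. If $R'$ is a constraint with its free variables in $\Pi\Pi'$ or in $V$, and
such that $R' \vdash_{\mathcal{C}} S'$ and for any $\langle \Delta', C', G' \rangle \in \mathcal{G}'$, $\Delta';R', C' \vdash_{\mathcal{UC}} G'$, then $\Pi'R' \vdash_{\mathcal{C}} S$
and for any $\langle \Delta, C, G \rangle \in \mathcal{G}$, $\Delta;\Pi'R', C \vdash_{\mathcal{UC}} G$.

Proof

We analyze the different cases, according to the transformation applied.

ii) Disjunction. $\Pi'$ is empty and $S = S'$ as above. Then let us check only the case
$\langle \Delta, C, G \rangle \notin \mathcal{G}'$. This implies $G = G_1 \vee G_2$ and $\langle \Delta, C, G_1 \rangle \in \mathcal{G}'$ or
$\langle \Delta, C, G_2 \rangle \in \mathcal{G}'$. By hypothesis

\[ \Delta;\Pi'R', C \vdash_{\mathcal{UC}} G_1 \quad \text{or} \quad \Delta;\Pi'R', C \vdash_{\mathcal{UC}} G_2, \]

since $\Pi'R' = R'$. Then $\Delta;\Pi'R', C \vdash_{\mathcal{UC}} G$, because of the rule $(\vee_R)$.

iii) Implication with local clause. As before the prefix and the partially calculated
answer constraint do not change. If $\langle \Delta, C, G \rangle \notin \mathcal{G}'$, then $G = D \Rightarrow G_1$ and
$\langle \Delta \cup \{D\}, C, G_1 \rangle \in \mathcal{G}'$. Hence, by hypothesis since $\Pi'R' = R'$, it holds

\[ \Delta, D;\Pi'R', C \vdash_{\mathcal{UC}} G_1 \]

from which we conclude the result by applying $(\Rightarrow_R)$.

iv) Implication with local constraint. As in the preceding cases where there are
no changes in $S$ and $\Pi$, we check what happens if $\langle \Delta, C, G \rangle \in \mathcal{G} \setminus \mathcal{G}'$. In this
case $G = C' \Rightarrow G_1$ and $\langle \Delta, C \wedge C', G_1 \rangle \in \mathcal{G}'$. By hypothesis, since $\Pi'R' = R'$,
we have $\Delta;\Pi'R', C \wedge C' \vdash_{\mathcal{UC}} G_1$ then in accordance with Lemma 4.9

\[ \Delta;\Pi'R', C, C' \vdash_{\mathcal{UC}} G_1. \]

Now we conclude $\Delta;\Pi'R', C \vdash_{\mathcal{UC}} G$, by applying $(\Rightarrow C_R)$.

v) Existential quantification. $\Pi' = \exists w$ with $w$ a new variable not in $\Pi$ nor in $V$.
Hence, by item i) of Lemma 5.1 $w$ is not free in the formulas of $\mathcal{G}$, nor in $S$.
Therefore, using the facts $R' \vdash_{\mathcal{C}} S'$ and $S = S'$, we can conclude $\exists w R' \vdash_{\mathcal{C}} S$.
Now let $\langle \Delta, C, G \rangle \in \mathcal{G}$, if $\langle \Delta, C, G \rangle \in \mathcal{G}'$, then $\Delta;R', C \vdash_{\mathcal{UC}} G$, by hypothesis.
Then $\Delta;\exists w R', C \vdash_{\mathcal{UC}} G$ by Lemma 4.10 because $w$ is not free in $\Delta$, $C$, $G$.
If $\langle \Delta, C, G \rangle \notin \mathcal{G}'$, $G = \exists x G_1$ and $\langle \Delta, C, G_1[w/x] \rangle \in \mathcal{G}'$. By hypothesis,

\[ \Delta;R', C \vdash_{\mathcal{UC}} G_1[w/x] \]

and so also $\Delta;\exists w R', R', C \vdash_{\mathcal{UC}} G_1[w/x]$, by Lemma 4.9. Consequently,
applying the rule $(\exists_R)$,

\[ \Delta;\exists w R', C \vdash_{\mathcal{UC}} G \]

since $\exists w R', C \vdash_{\mathcal{C}} \exists w R'$, and $w$ is new for the sequent of the conclusion.

vi) Universal quantification. $\Pi' = \forall w$ with $w$ a new variable w.r.t. $\Pi$ and $V$, and
$S = S'$. So $\forall w R' \vdash_{\mathcal{C}} S$ holds directly from $R' \vdash_{\mathcal{C}} S'$.

Let $\langle \Delta, C, G \rangle \in \mathcal{G}$, if $\langle \Delta, C, G \rangle \in \mathcal{G}'$, then $\Delta;R', C \vdash_{\mathcal{UC}} G$, by hypothesis.
Then $\Delta;\Pi'R', C \vdash_{\mathcal{UC}} G$ because $\Pi'R' \vdash_{\mathcal{C}} R'$ and Lemma 4.9.
If $\langle \Delta, C, G \rangle \notin \mathcal{G}'$, $G = \forall x G_1$ and $\langle \Delta, C, G_1[w/x] \rangle \in \mathcal{G}'$. By the hypothesis,
since $\forall w R' \vdash_{\mathcal{C}} R'$ and Lemma 4.9 we have

\[ \Delta;\forall w R', C \vdash_{\mathcal{UC}} G_1[w/x] \]

Now, since $w$ is not in $\Pi$ nor in $V$, by item i) of Lemma 5.1 it is not free in
$\Delta$, $C$, $G$, and obviously $w$ is neither free in $\forall w R'$. Then we conclude

\[ \Delta;\forall w R', C \vdash_{\mathcal{UC}} G \]

by applying $(\forall_R)$.

vii) Constraint. In this case $\Pi'$ is empty and $\Pi S' = \Pi(S \wedge (C \Rightarrow C'))$ is
$\mathcal{C}$-satisfiable. Trivially $R' \vdash_{\mathcal{C}} S'$ implies $\Pi'R' \vdash_{\mathcal{C}} S$.

Now let $\langle \Delta, C, G \rangle \in \mathcal{G}$, the case $\langle \Delta, C, G \rangle \in \mathcal{G}'$ is easily proved. If
$\langle \Delta, C, G \rangle \notin \mathcal{G}'$, then $G = C'$. $R' \vdash_{\mathcal{C}} C \Rightarrow C'$ because $R' \vdash_{\mathcal{C}} S'$ and $S' = S \wedge (C \Rightarrow C')$.
By the properties of the constraint entailment, we deduce $R', C \vdash_{\mathcal{C}} C'$. Then
applying the rule $(C_R)$,

\[ \Delta;\Pi'R', C \vdash_{\mathcal{UC}} G, \]

because $\Pi'R' = R'$.

viii) Clause of the program. Since $\Pi'$ is empty and $S = S'$, we only check the
case $\langle \Delta, C, G \rangle \in \mathcal{G}$ and $\langle \Delta, C, G \rangle \notin \mathcal{G}'$. In such case $G = A$ and there is
$\forall x_1 \ldots \forall x_n(G_1 \Rightarrow A')$ a variant of a formula of $elab(\Delta)$ where:

• $x_1, \ldots, x_n$ are new variables not occurring in $\Pi$, $V$, and therefore not free
in $\Delta$, $A$, $C$ and $\Pi'R'$.

• $A$ and $A'$ begin with the same predicate symbol.

• $\langle \Delta, C, \exists x_1 \ldots \exists x_n((A' \approx A) \wedge G_1) \rangle \in \mathcal{G}'$.

By hypothesis, since $\Pi'R' = R'$,

\[ \Delta;\Pi'R', C \vdash_{\mathcal{UC}} \exists x_1 \ldots \exists x_n((A' \approx A) \wedge G_1). \]

Using now the rule (Clause), we conclude $\Delta;\Pi'R', C \vdash_{\mathcal{UC}} G$. □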

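Proofs of results from Section 5.2

Lemma 5.4

Let $\mathcal{S} = \Pi[S \Box \mathcal{G}]$ be a non-final state w.r.t. a set of variables $V$, and let $R$ be a
constraint such that $\Pi R$ is $\mathcal{C}$-satisfiable and $R \vdash_{\mathcal{C}} S$. If $\Delta;R, C \vdash_{\mathcal{UC}} G$ for all
$\langle \Delta, C, G \rangle \in \mathcal{G}$, then we can find a rule transforming $\mathcal{S}$ in a state $\mathcal{S}' = \Pi'[S' \Box \mathcal{G}']$
($\mathcal{S} \Vdash \mathcal{S}'$) and a constraint $R'$ such that:

1. $\Pi R \vdash_{\mathcal{C}} \Pi'R'$ and $R' \vdash_{\mathcal{C}} S'$.

2. $\Delta';R', C' \vdash_{\mathcal{UC}} G'$ for all $\langle \Delta', C', G' \rangle \in \mathcal{G}'$. Moreover $\mathcal{M}_{\mathcal{G}'R'} \ll \mathcal{M}_{\mathcal{G}R}$.

Proof

Let us choose any $\langle \Delta, C, G \rangle \in \mathcal{G}$; we reason by induction on the structure of $G$,
analyzing cases:

• If $G$ has the form $G_1 \wedge G_2$, $G_1 \vee G_2$, $D \Rightarrow G_1$ or $C_1 \Rightarrow G_1$, then we apply
respectively the transformation rules i), ii), iii) or iv) to $\mathcal{S}$. Let $\mathcal{S}'$ be the
state obtained after the transformation, and let $R' = R$:

1. $\Pi R \vdash_{\mathcal{C}} \Pi'R'$ and $R' \vdash_{\mathcal{C}} S'$ are obvious by the hypothesis and because
$\Pi' = \Pi$, $S' = S$ and $R' = R$.

2. Let $\langle \Delta', C', G' \rangle \in \mathcal{G}'$. If $\langle \Delta', C', G' \rangle \in \mathcal{G}$, then $\Delta';R', C' \vdash_{\mathcal{UC}} G'$ trivially
since $\Delta';R, C' \vdash_{\mathcal{UC}} G'$ by hypothesis, and $R' = R$. Moreover
$\tau_{R'}(\Delta', C', G') = \tau_R(\Delta', C', G')$.

If $\langle \Delta', C', G' \rangle \notin \mathcal{G}$ and i), for example, was applied, then $\Delta' = \Delta$, $C' = C$,
$G \equiv G_1 \wedge G_2$ and $G' \equiv G_1$ or $G' \equiv G_2$. By hypothesis $\Delta;R, C \vdash G$
with a proof of size $l$, therefore by the definition of $\mathcal{UC}$, since $R' \equiv R$,
$\Delta;R', C \vdash G_1$ and $\Delta;R', C \vdash G_2$ have proofs of size less than $l$. Consequently
$\tau_{R'}(\Delta', C', G_1) < \tau_R(\Delta, C, G)$ and $\tau_{R'}(\Delta', C', G_2) < \tau_R(\Delta, C, G)$, so, finally
$\Delta';R', C' \vdash_{\mathcal{UC}} G'$ for all $\langle \Delta', C', G' \rangle \in \mathcal{G}'$ and $\mathcal{M}_{\mathcal{G}'R'} \ll \mathcal{M}_{\mathcal{G}R}$. The
argument for transformations ii), iii) and iv) is similar. Note that, in the case of ii),
we must choose $G_1$ (resp. $G_2$) if the shortest $\mathcal{UC}$-proof of $\Delta;R, C \vdash G_1 \vee G_2$
contains a subproof of $\Delta;R, C \vdash G_1$ (resp. $G_2$).

• If $G$ has the form $\forall x G_1$, we apply then the transformation rule vi) and obtain
$\mathcal{S}'$. Assume $R' = R$:

1. Trivial since the choice of $w$ assures that $\Pi R \vdash_{\mathcal{C}} \Pi \forall w R \equiv \Pi'R'$; moreover,
$S' = S$.

2. Let $\langle \Delta', C', G' \rangle \in \mathcal{G}'$, if $\langle \Delta', C', G' \rangle \in \mathcal{G}$, then we obtain $\Delta';R', C' \vdash_{\mathcal{UC}} G'$,
being $\tau_{R'}(\Delta', C', G') = \tau_R(\Delta', C', G')$.

If $\langle \Delta', C', G' \rangle \notin \mathcal{G}$, this is the triple coming from the transformation of
$\langle \Delta, C, G \rangle$, so $G' \equiv G_1[w/x]$, $C' = C$ and $\Delta' \equiv \Delta$. By hypothesis $\Delta;R, C \vdash G$
has a proof of size $l$, then since $w$ does not appear free in $\Delta$, $C$, $R' (= R)$, $G_1$,
because of the form of the calculus $\mathcal{UC}$, $\Delta;R', C \vdash G_1[w/x]$ has a proof of
size less than $l$, and for that reason $\tau_{R'}(\Delta', C', G') < \tau_R(\Delta, C, G)$, and thus
we conclude that 2. is valid.

• If $G$ is a constraint $C_1$, we apply the transformation vii) obtaining $\mathcal{S}'$. Assume
$R' \equiv R$.

1. $\Pi R \vdash_{\mathcal{C}} \Pi'R'$ is trivial since $\Pi' \equiv \Pi$. Furthermore, $\Delta;R, C \vdash_{\mathcal{UC}} C_1$ by
hypothesis, so by the definition of $\mathcal{UC}$, $R, C \vdash_{\mathcal{C}} C_1$ and therefore $R \vdash_{\mathcal{C}} C \Rightarrow C_1$.
Moreover $R \vdash_{\mathcal{C}} S$, then $R' \vdash_{\mathcal{C}} S'$, because $R' = R$ and $S' = S \wedge (C \Rightarrow C_1)$.
Now, from $R' \vdash_{\mathcal{C}} S'$ and the $\mathcal{C}$-satisfiability of $\Pi'R' = \Pi R$, we deduce that
$\Pi'S'$ is also $\mathcal{C}$-satisfiable. Therefore the transformation step is allowed.

2. $\mathcal{G}' \subset \mathcal{G}$, so $\Delta';R', C' \vdash_{\mathcal{UC}} G'$ for all $\langle \Delta', C', G' \rangle \in \mathcal{G}'$ and $\mathcal{M}_{\mathcal{G}'R'} \ll \mathcal{M}_{\mathcal{G}R}$.

• If $G$ is atomic $G = A$, by hypothesis $\Delta;R, C \vdash A$ has a proof of size $l$,
then by reason of the form of $\mathcal{UC}$, if $x_1, \ldots, x_n$ are new variables not free
in $\Delta$, $R$, $C$ neither in $A$, then there is a variant of a formula from $elab(\Delta)$,
$\forall x_1 \ldots \forall x_n(G_1 \Rightarrow A')$, with $A$ and $A'$ beginning with the same predicate
symbol, such that $\Delta;R, C \vdash \exists x_1 \ldots \exists x_n((A' \approx A) \wedge G_1)$ $(\dagger)$ has a proof of
size less than $l$. We transform $\mathcal{S}$ in $\mathcal{S}'$ by means of the rule viii), using
$\forall x_1 \ldots \forall x_n(G_1 \Rightarrow A')$. Assume now $R' = R$. Since $S = S'$ and $\Pi \equiv \Pi'$,
the proof of 1. is immediate.

2. Let $\langle \Delta', C', G' \rangle \in \mathcal{G}'$, if $\langle \Delta', C', G' \rangle \in \mathcal{G}$, then $\Delta';R, C' \vdash_{\mathcal{UC}} G'$ by
hypothesis and therefore $\Delta';R', C' \vdash_{\mathcal{UC}} G'$, besides $\tau_{R'}(\Delta', C', G') = \tau_R(\Delta', C', G')$.
If $\langle \Delta', C', G' \rangle \notin \mathcal{G}$, then $G' = \exists x_1 \ldots \exists x_n((A' \approx A) \wedge G_1)$, $C' \equiv C$ and $\Delta' \equiv \Delta$.
As we have noted in $(\dagger)$, $\Delta;R', C' \vdash G'$ has a proof of size less than $l$.

So $\tau_{R'}(\Delta', C', G') < \tau_R(\Delta, C, G)$, and 2. is also proved in this case. □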